cocoon-dev mailing list archives

From Torsten Curdt <tcu...@apache.org>
Subject Re: Possible security problem with flowscript
Date Fri, 15 Oct 2004 13:32:53 GMT
>>...but that *is* important: if you would be using a flow 
>>based authentication mechanism this is not a problem at all.
>>
> 
> Why? If flow checks the authentication, I simply use a continuation
> id from an authenticated user and I'm in the application. 

sure, same for any authentication mechanism that
stores the credentials inside the session. you
cannot prevent that.

it's like the key to your house. if you have it
you are in! that's how it is. otherwise you have
to authenticate on each request.

But I am glad "simply use a continuation id"
usually is not that simple ;-)

cheers
--
Torsten
