
Re: Trails Security unsecure ???

by Kalle Korhonen-2

Use POST to send the login form via https. These certainly are easily configurable but not necessarily the best defaults when you first start developing a web application - which is why Trails and web app frameworks typically have the simplest options for demonstration purposes.

Kalle


On Mon, May 26, 2008 at 7:41 AM, Tobias Marx <superoverdrive@...> wrote:
There are some issues about Trails Security that might maybe
be configurable - I hope they are.

By default, Trails Security is quite unsecure:

1. Username/password on the login page are passed via GET in the URL !!!
2. If Cookies are disabled, Session IDs are used - that are easily hijackable....

Is there a workaround?

Thanks!


Tobias
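
As an added example (not part of the original thread and not Trails code), the following Python script audits web-server access logs for the two issues raised above: login credentials sent via GET and session IDs rewritten into URLs. The credential parameter names, the `;jsessionid=` path marker used by servlet containers, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed parameter names; adjust to the login form actually deployed.
CREDENTIAL_PARAMS = {"password", "passwd", "pwd", "j_password"}
# Servlet containers append ;jsessionid=<id> to the path when rewriting URLs.
SESSION_IN_URL = re.compile(r";jsessionid=[^?#;/\s]+", re.IGNORECASE)
# Request part of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def audit_line(line):
    """Return a sorted list of findings for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    findings = set()
    target = m.group("target")
    if SESSION_IN_URL.search(target):
        findings.add("session-id-in-url")
    for name, _ in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name.lower() in CREDENTIAL_PARAMS:
            findings.add("credential-in-query")
    return sorted(findings)

def redact(line):
    """Mask credential values and session IDs so the log can be shared."""
    line = SESSION_IN_URL.sub(";jsessionid=REDACTED", line)
    names = "|".join(sorted(CREDENTIAL_PARAMS))
    return re.sub(rf'(?i)([?&](?:{names})=)[^&\s"]*', r"\1REDACTED", line)

def audit(lines):
    """Return (line_number, findings) for every line with at least one finding."""
    results = [(i, audit_line(l)) for i, l in enumerate(lines, 1)]
    return [(i, f) for i, f in results if f]

# Constructed sample lines (not taken from any real server).
SAMPLE = [
    '192.0.2.10 - - [26/May/2008:07:40:01 +0000] "GET /login?j_username=alice&j_password=s3cret HTTP/1.1" 302 0',
    '192.0.2.11 - - [26/May/2008:07:40:05 +0000] "GET /home;jsessionid=1A2B3C4D5E?page=2 HTTP/1.1" 200 5120',
    '192.0.2.12 - - [26/May/2008:07:40:09 +0000] "POST /login HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for n, found in audit(SAMPLE):
        print(n, found, redact(SAMPLE[n - 1]))
```

Any hit means the secret has already been written to the access log, and possibly to proxy logs, browser history and Referer headers, so the affected password or session should be treated as exposed.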
