
Trails Security unsecure ???

by Toby78

There are some issues about Trails Security that might maybe
be configurable - I hope they are.

By default, Trails Security is quite unsecure:

1. Username/password on the login page are passed via GET in the URL !!!
2. If cookies are disabled, session IDs are used, which are easily hijackable....

Is there a workaround?

Thanks!


Tobias
