why Seaside URLs are cool

Hi

I recently attended a speech called "Ruby on Rails Security":
http://events.ccc.de/congress/2007/Fahrplan/events/2252.en.html
Most of the things were not Rails specific but general secure web
programming. From a Seaside perspective two slides are interesting:

Slide 28
Rails 2.0 now per default adds a continuation key (they call it token)
to every form.

Slide 33
"Use unguessable URLs"

I wonder if this is still "how the web works" ;)

Cheers
Philippe
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

>>>>> "Philippe" == Philippe Marschall <[hidden email]> writes:

Philippe> Slide 28
Philippe> Rails 2.0 now per default adds a continuation key (they call it token)
Philippe> to every form.

Philippe> Slide 33
Philippe> "Use unguessable URLs"

Philippe> I wonder if this is still "how the web works" ;)

The web is both presentation... and interaction.  Presentation *should* be
bookmarkable.  Interaction should *not* be (except within a limited context).
Seaside makes it easy to do interaction, and possible to do presentation.
Most web frameworks are the other way around.

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<[hidden email]> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside