[geeklog-devel] [geeklog-cvs] Geeklog-1.x/system lib-admin.php, 1.127, 1.128 lib-security.php, 1.62, 1.63

Michael Jervis mjervis at gmail.com
Thu Feb 21 15:45:04 EST 2008



> Security Tokens are a great idea. But I think this needs some
> discussion before being considered complete.


You only have part of the picture.


> SEC_createToken($page, $ttl);


TTL may become an argument.


> Make the caller responsible for uniquely naming what page he's on.
> Maybe the page the token is created on isn't the same page the token
> is processed on?


Read the rest of the commit. Run it. Understand it. Then comment.


> Likewise, what is this TTL mapping stuff? Make the caller responsible
> for saying "My page can sit on your browser for no longer than 5
> minutes." Mappings are unfriendly to plugins, too.


TTL not yet implemented or fully figured out. Work in progress.


