[Catalyst-dev] [RFC] Catalyst::Plugin::Session

Jonathan Rockway jon at jrock.us
Wed Oct 18 00:53:06 CEST 2006


Agree.  It provides no protection against packet sniffing (since the
sniffer can easily forge your IP), or XSS (since the XSS injection can
just XMLHttpRequest the badness from the afflicted user's machine).
It's basically useless ;)

>> What do people think? Should we reset the C::P::Session to turn IP address
>> verification off by default?
> 
> YES!

-- 
package JAPH;use Catalyst qw/-Debug/;($;=JAPH)->config(name => do {
$,.=reverse qw[Jonathan tsu rehton lre rekca Rockway][$_].[split //,
";$;"]->[$_].q; ;for 1..4;$,=~s;^.;;;$,});$;->setup;


