[Catalyst] Encrypt /Decrypt URI
Matt S Trout
dbix-class at trout.me.uk
Fri May 18 14:38:20 GMT 2007
On Fri, May 18, 2007 at 06:38:37PM +0530, Harshal Shah wrote:
> Hi Matt,
>
>
> sorry for misleading ..but my problem is quite similar to
> http://www.mail-archive.com/catalyst@lists.rawmode.org/msg01940.html
>
> I got it to work by keeping my auth code in "auto"
A mixture of chained, controller base classes and pushing authentication
logic back into the model will often do the trick.
Encryption of URLs is *completely* useless for security - it has no effect
on replay attacks which are probably more likely than anything else and
substantially degrades the usability of the app.
The only use I can see for obfuscating the URL would be to convince a naive
client that your app's more secure than it is (note as Bruce Schneier says,
managing -perceived- security can be as important as managing -actual-
security, but don't confuse the two :).
--
Matt S Trout Need help with your Catalyst or DBIx::Class project?
Technical Director Want a managed development or deployment platform?
Shadowcat Systems Ltd. Contact mst (at) shadowcatsystems.co.uk for a quote
http://chainsawblues.vox.com/ http://www.shadowcatsystems.co.uk/
More information about the Catalyst
mailing list