I finally managed to use subdomains as account keys, just as in tadalist.
Now I have an "account" variable in all my controllers, and was thinking about what implications I'm going to have on security, because the accounts table contains all account crypted passwords (of course).
Is it secure or not? David? :)

--
checking for life_signs in -lKenny... no
Oh my god, make (1) killed Kenny ! You, bastards !
nicholas_wieland-at-yahoo-dot-it

On 03/03/2005, at 4:13 AM, Nicholas Wieland wrote:

> I finally managed to use subdomains as account keys, just as in
> tadalist.

Cool.

> Now I have an "account" variable in all my controllers, and was
> thinking about what implications I'm going to have on security,
> because the accounts table contains all account crypted passwords
> (of course).
> Is it secure or not ?

I don't think there's anything inherently insecure about it. Only problem I could see is that if you allowed users to create their own erb templates that you just executed blindly...

- tim lucas
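
The template risk raised in the reply above, as an added example that is not part of the original thread: a user-authored template evaluated as ERB with the account in scope can read the crypted password, while a substitution-only renderer cannot. The `Account` struct, its field names, the `{{ }}` placeholder syntax and both method names are assumptions made for illustration, and the sample values are constructed.

```ruby
require 'erb'

# Constructed stand-in for a row of the accounts table (field names assumed).
Account = Struct.new(:subdomain, :name, :crypted_password)

# Risky: the user's template is evaluated as ERB with a binding that holds
# the account, so the template can run any Ruby and read any field.
def render_blindly(template, account)
  ERB.new(template).result(binding)
end

# Fields a user template is allowed to display.
ALLOWED_FIELDS = %w[subdomain name].freeze

# Safer: the template is treated as plain text with {{ placeholders }}.
# Nothing is evaluated; only allow-listed fields are substituted, and their
# values are HTML-escaped. Unknown placeholders render as an empty string.
def render_restricted(template, account)
  template.gsub(/\{\{\s*(\w+)\s*\}\}/) do
    field = Regexp.last_match(1)
    ALLOWED_FIELDS.include?(field) ? ERB::Util.html_escape(account[field].to_s) : ''
  end
end

# Constructed sample data: not a real hash, not a real account.
ACCOUNT = Account.new('acme', 'Acme <Inc>', '$constructed$not-a-real-hash')
ERB_TEMPLATE  = 'Welcome to <%= account.name %> (<%= account.crypted_password %>)'
SAFE_TEMPLATE = 'Welcome to {{ name }} ({{ crypted_password }})'

if __FILE__ == $PROGRAM_NAME
  puts render_blindly(ERB_TEMPLATE, ACCOUNT)     # password field is exposed
  puts render_restricted(SAFE_TEMPLATE, ACCOUNT) # password placeholder is dropped
  puts render_restricted(ERB_TEMPLATE, ACCOUNT)  # ERB tags stay inert text
end
```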