The only way we have determined that this is possible is with physical
access to the computer. As in any security scheme, that pretty well
trumps anything that doesn't rely on the user logging in every time,
and time-limited sessions.

As with any form of security, it's not a matter of absolutes, but
rather a balancing act between user discomfort and reasonable
protection. Nothing is foolproof, and the real problem is the user in
any case.

Walter

On Jul 29, 2011, at 1:46 PM, 7stud -- wrote:
> Okay, so the malicious user still has two weeks of access to the
> account for his troubles, right?
>
> --
> Posted via http://www.ruby-forum.com/.
>
> --
> You received this message because you are subscribed to the Google
> Groups "Ruby on Rails: Talk" group.
> To post to this group, send email to rubyonrails-talk@googlegroups.com.
> To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
>