Any thoughts on the below ?
On Fri, Jan 27, 2017 at 10:57 AM, karthik kn <keyan...@gmail.com> wrote:
> Hi All,
> We were able to update the jsf version to the lates and randomly generate
> the enc key as mentioned in
> https://wiki.apache.org/myfaces/Secure_Your_Appli
the sources: http://svn.apache.org/viewvc/
> myfaces/core/branches/1.1.x/
>
> Regards,
> Thomas
>
> 2016-12-23 11:21 GMT+01:00 karthik kn <keyan...@gmail.com>:
>
> > Hi All,
> > Any thoughts on the below ?
> >
> > On Wed, Dec 21, 2016 at 10:22 AM, karthik
Hi,
If i use a new key in web.xml as SECRET, it could be still exposed to the
Administrator on accessing the system.
Wont this cause a vulnerability ? Is there any other mechanism of storing
the secret ?
On Tue, Dec 20, 2016 at 6:52 PM, Moritz Bechler wrote:
> Hi,
>
> >
o old. Please update to 1.1.8 or upper versions.
>
> See https://wiki.apache.org/myfaces/Secure_Your_Application for details.
>
> regards,
>
> Leonardo Uribe
>
> 2016-12-19 5:44 GMT-05:00 karthik kn <keyan...@gmail.com>:
>
> > Hi,
> > I am using
Hi,
Thank you for clarification. Using the secret mentioned in the below page
would suffice or there is some mechanism to generate the SECRET ?
https://wiki.apache.org/myfaces/Secure_Your_Application
org.apache.myfaces.SECRET
MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIz
org.apache.myfaces.ALGORITHM
Hi All,
Any thoughts on the below ?
On Wed, Dec 21, 2016 at 10:22 AM, karthik kn <keyan...@gmail.com> wrote:
> Hi,
> If i use a new key in web.xml as SECRET, it could be still exposed to the
> Administrator on accessing the system.
>
> Wont this cause a vulnerability
Hi,
I am using myfaces-1.1.5 and using the following state saving method
javax.faces.STATE_SAVING_METHODserver
However,i see that the object identifier is being sent to the server as
following
This is the serialized object identifier sent over the network
We are using only https and not
7 matches
Mail list logo