The password would be stored in plain text in your server's memory.  If
you're comfortable with that, then you're probably fine.  If you switch to
the Flow being stored on the client side (i.e. if you do clustering) then
you don't want to put the password there, as the entire flow scope is
serialized and then Base64-ed and stored as a request parameter.

-Scott


On Thu, Apr 16, 2009 at 5:33 AM, Giorgio R. <[email protected]> wrote:

> Hi developer,
> I need to put password value in flowScope. Can i have some
> security problem with this or not ?
>
> thanks alot.
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-dev
>

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-dev

Reply via email to