[
https://issues.apache.org/jira/browse/TRINIDAD-1375?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matthias Weßendorf resolved TRINIDAD-1375.
------------------------------------------
Resolution: Fixed
Fix Version/s: 1.2.11-core
Assignee: Matthias Weßendorf
Thanks to Blake Sullivan for his patch
> Increase strength of viewState token
> ------------------------------------
>
> Key: TRINIDAD-1375
> URL: https://issues.apache.org/jira/browse/TRINIDAD-1375
> Project: MyFaces Trinidad
> Issue Type: Bug
> Components: Archetype
> Affects Versions: 1.2.10-core, 1.0.10-core
> Reporter: Blake Sullivan
> Assignee: Matthias Weßendorf
> Fix For: 1.2.11-core
>
> Attachments: JIRA_1375_12101.patch
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> Strengthen the default seed used by TokenCache.getTokenCacheFromSession() to:
> 1) Use a cryptographically strong hash function to derive the token from teh
> JSessionId
> 2) Use a larger than 32-bit hash size
> The fix should:
> 1) Use the java cryptography apis to retrieve a sufficiently strong hash value
> 2) Use a larger, potentially 64 bit hash
> 3) Change the TokenCache to use a long seed rather than an int seed
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
