Hi,

In T5 every form stores a bunch of data on the client in a hidden field. It is mainly serialized action commands to be executed on form submission to restore the states of the form components (e.g., element name). This is very convenient and can relieve the component user (e.g., the page) from the task of maintaining the state. This is similar to the "view state" in ASP.NET. However, it is a serious security issue as a hacker may modify it to execute any existing code on the server that implements the command interface.
One may sign the view state using a key generated in the app. However, a hacker may inject it into any other context (a different component, a different component context, a different user) without modifying it. So, we have to relate this view state to the same component & context (the action URL in the form) and to the same user (the session). Therefore, we may sign the view state + the complete URL using the session ID. As the session will expire in time, this should fight against replay attacks. However, the cost is that whenever we display a form, we will use a session. Any idea?

--
Author of a book for learning Tapestry (http://www.agileskills2.org/EWDT)
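One way to realize the binding proposed in the post (an HMAC over the action URL plus the serialized state, keyed per session, so that a hidden-field value accepted for one form and one session is rejected for any other URL, any other session, or after modification). This is an added illustration, not code from Tapestry or from the poster; the class name, the step that derives a per-session key from an application key and the session id, and the sample state string are assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical helper: signs serialized form state bound to the action URL and the session.
public final class BoundViewState {
    private static final String ALG = "HmacSHA256";
    private final byte[] appKey;  // server-side key generated once at application start
    public BoundViewState(byte[] appKey) { this.appKey = appKey.clone(); }
    // Per-session key = HMAC(appKey, sessionId), so the raw session id is never used as a key itself.
    private byte[] sessionKey(String sessionId) throws Exception {
        Mac mac = Mac.getInstance(ALG);
        mac.init(new SecretKeySpec(appKey, ALG));
        return mac.doFinal(sessionId.getBytes(StandardCharsets.UTF_8));
    }
    // Hidden-field value: base64url(state) + "." + base64url(HMAC(sessionKey, actionUrl + "\n" + state)).
    public String sign(byte[] state, String actionUrl, String sessionId) throws Exception {
        Mac mac = Mac.getInstance(ALG);
        mac.init(new SecretKeySpec(sessionKey(sessionId), ALG));
        mac.update(actionUrl.getBytes(StandardCharsets.UTF_8));
        mac.update((byte) '\n');  // delimiter: URL and state cannot be re-split differently
        byte[] tag = mac.doFinal(state);
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        return enc.encodeToString(state) + "." + enc.encodeToString(tag);
    }
    // Returns the state only if the tag is valid for this URL and this session; null otherwise.
    public byte[] verify(String field, String actionUrl, String sessionId) throws Exception {
        int dot = field.lastIndexOf('.');
        if (dot < 0) return null;
        byte[] state; try { state = Base64.getUrlDecoder().decode(field.substring(0, dot)); }
        catch (IllegalArgumentException e) { return null; }
        byte[] expected = sign(state, actionUrl, sessionId).getBytes(StandardCharsets.UTF_8);  // recompute
        return MessageDigest.isEqual(expected, field.getBytes(StandardCharsets.UTF_8)) ? state : null;
    }
    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32]; new SecureRandom().nextBytes(key);
        BoundViewState vs = new BoundViewState(key);
        byte[] state = "setName:email".getBytes(StandardCharsets.UTF_8);  // constructed sample state
        String field = vs.sign(state, "/user/edit.form", "session-A");
        String tampered = (field.charAt(0) == 'A' ? "B" : "A") + field.substring(1);  // one char changed
        System.out.println("same URL, same session: " + (vs.verify(field, "/user/edit.form", "session-A") != null));
        System.out.println("other URL:              " + (vs.verify(field, "/admin/edit.form", "session-A") != null));
        System.out.println("other session:          " + (vs.verify(field, "/user/edit.form", "session-B") != null));
        System.out.println("modified state:         " + (vs.verify(tampered, "/user/edit.form", "session-A") != null));
    }
}
```

Only the first check passes; the other three show the replay-into-another-context and modification cases being rejected, and expiry of the session invalidates the per-session key on its own.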
