Hi Sameera,

When passing URL parameters, are you going to encrypt them and pass them?

On Fri, Nov 28, 2014 at 11:29 AM, Udara Liyanage <[email protected]> wrote:

> Hi,
>
> Either way is not 100% secure unless you use HTTPS. However, a disadvantage
> of passing via URL parameters is that there is a possibility that the URL
> parameters may be printed in logs, which is insecure.
>
> On Fri, Nov 28, 2014 at 9:05 AM, Sameera Jayaratna <[email protected]> wrote:
>
>> Hi,
>>
>> I'm working on password recovery for ES, following [1].
>>
>> According to [1], in the sequence of calls to the
>> *UserInformationRecoveryService*, the key generated in one call needs to be
>> passed to the next call for verification. These calls occur in different
>> views, so we need to pass the keys from one view to the next.
>>
>> What is the best way to do this?
>>
>> - passing as URL parameters?
>> - storing them in the session?
>>
>> Are there any security concerns related to either approach?
>> Or is there a better way to do this?
>>
>> Any thoughts on this would be helpful.
>>
>> Thank you,
>> Sameera
>>
>> [1] https://docs.wso2.com/display/IS500/Recover+with+Secret+Questions
>>
>> --
>> Thanks & Regards,
>> Sameera Jayaratna
>> Software Engineer; WSO2 Inc.
>> lean . enterprise . middleware | http://wso2.com
>
> --
> Udara Liyanage
> Software Engineer
> WSO2, Inc.: http://wso2.com
> lean. enterprise. middleware

--
Mahesh Chinthaka Vidanagama | Software Engineer
WSO2, Inc | lean. enterprise. middleware.
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
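
The two options raised in this thread, side by side, as an added example that is not part of the original messages and not WSO2 code. It is plain JavaScript with an in-memory session map; the path `/recover/questions`, the parameter name `confirmation`, the function names and the sample key are assumptions made for illustration.

```javascript
// Added example with constructed values; none of this is WSO2 code.
const sessions = new Map(); // server-side store: session id -> state

// View 1, URL variant: the key from the first service call rides in the
// query string, so every access log on the path records it.
function toNextViewViaUrl(key, accessLog) {
  const next = '/recover/questions?confirmation=' + encodeURIComponent(key);
  accessLog.push('GET ' + next);
  return next;
}

// View 1, session variant: the key stays on the server; the browser only
// holds its session cookie and the URL carries nothing secret.
function toNextViewViaSession(sessionId, key, accessLog, now = Date.now()) {
  sessions.set(sessionId, { recoveryKey: key, issuedAt: now });
  const next = '/recover/questions';
  accessLog.push('GET ' + next);
  return next;
}

// View 2: read the key once for the next service call. It is deleted on
// first read and refused when older than maxAgeMs.
function takeKey(sessionId, maxAgeMs, now = Date.now()) {
  const state = sessions.get(sessionId);
  if (!state || state.recoveryKey === undefined) return null;
  const { recoveryKey, issuedAt } = state;
  delete state.recoveryKey;
  return now - issuedAt <= maxAgeMs ? recoveryKey : null;
}

// Demo run with constructed values.
const demoLog = [];
toNextViewViaUrl('SAMPLE-KEY-0001', demoLog);
toNextViewViaSession('sess-demo', 'SAMPLE-KEY-0001', demoLog);
console.log(demoLog.join('\n'));
console.log(takeKey('sess-demo', 5 * 60 * 1000), takeKey('sess-demo', 5 * 60 * 1000));
```

The first log line contains the key and the second does not; the second `takeKey` call returns `null` because the key is single-use.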
