https://jira.jboss.org/browse/SEAMFACES-26
On Wed, Jun 9, 2010 at 11:11 AM, Lincoln Baxter, III <[email protected]> wrote:

> Next question - what is our Crypto library of choice?
>
>
> On Wed, Jun 9, 2010 at 11:09 AM, Dan Allen <[email protected]> wrote:
>
>> On Wed, Jun 9, 2010 at 11:06 AM, Lincoln Baxter, III <[email protected]> wrote:
>>
>>> Yeah - Just saw that this morning. I'd like to see a way to implement
>>> this for ALL pages, not requiring a custom tag. I believe this could be done
>>> easily using the PreRenderViewEvent to add a hidden form field to store the
>>> token in all outbound forms, then use a phase-listener after Restore_View,
>>> comparing the request parameter to the restored component value. Very
>>> similar to the <s:token> component, but as a global solution that could be
>>> enabled/disabled via XML config.
>>>
>>
>> Global solution is good. In fact, it's even more secure since it solves
>> the "doh, I forgot to add the tag" security hole ;)
>>
>> -Dan
>>
>> --
>> Dan Allen
>> Senior Software Engineer, Red Hat | Author of Seam in Action
>> Registered Linux User #231597
>>
>> http://mojavelinux.com
>> http://mojavelinux.com/seaminaction
>> http://www.google.com/profiles/dan.j.allen
>>
>
>
>
> --
> Lincoln Baxter, III
> http://ocpsoft.com
> http://scrumshark.com
> "Keep it Simple"
>

--
Lincoln Baxter, III
http://ocpsoft.com
http://scrumshark.com
"Keep it Simple"
_______________________________________________
seam-dev mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/seam-dev
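The global approach described in the quoted message (a PreRenderViewEvent listener that adds a hidden token field to every form, plus a check after Restore View), as an added example that is not code from this thread or from Seam Faces. Assumptions: the class name `GlobalTokenListener`, the `csrfToken` field id, one token per view, server-side state saving so the view map is not client-controlled, and the JDK's `SecureRandom` as the token source.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.faces.FacesException;
import javax.faces.component.*;
import javax.faces.component.html.HtmlInputHidden;
import javax.faces.context.FacesContext;
import javax.faces.event.*;

// Hypothetical class: register it in faces-config.xml as a phase listener and as a
// system-event listener for javax.faces.event.PreRenderViewEvent.
public class GlobalTokenListener implements SystemEventListener, PhaseListener {
    private static final String FIELD = "csrfToken"; // assumed component id
    private static final SecureRandom RNG = new SecureRandom();

    public boolean isListenerForSource(Object source) { return source instanceof UIViewRoot; }

    // PreRenderViewEvent: one random token per view, mirrored into every form.
    public void processEvent(SystemEvent event) {
        UIViewRoot root = (UIViewRoot) event.getSource();
        Map<String, Object> viewMap = root.getViewMap();
        if (!viewMap.containsKey(FIELD)) // 256 random bits, issued once per view
            viewMap.put(FIELD, new java.math.BigInteger(256, RNG).toString(32));
        addToForms(root, (String) viewMap.get(FIELD));
    }
    // Walks child components only; forms placed in facets would need the same treatment.
    private void addToForms(UIComponent parent, String token) {
        for (UIComponent child : parent.getChildren()) {
            if (!(child instanceof UIForm)) { addToForms(child, token); continue; }
            if (child.findComponent(FIELD) != null) continue; // kept from an earlier render
            HtmlInputHidden hidden = new HtmlInputHidden();
            hidden.setId(FIELD);
            hidden.setValue(token);
            child.getChildren().add(hidden);
        }
    }
    public PhaseId getPhaseId() { return PhaseId.RESTORE_VIEW; }
    public void beforePhase(PhaseEvent event) { }

    // After Restore View: the submitted field must match the token restored with the view.
    public void afterPhase(PhaseEvent event) {
        FacesContext ctx = event.getFacesContext();
        if (!ctx.isPostback() || ctx.getViewRoot() == null) return;
        String expected = (String) ctx.getViewRoot().getViewMap().get(FIELD);
        String sent = null; // parameter name is the client id, e.g. "formId:csrfToken"
        for (Map.Entry<String, String> p : ctx.getExternalContext().getRequestParameterMap().entrySet())
            if (p.getKey().equals(FIELD) || p.getKey().endsWith(":" + FIELD)) sent = p.getValue();
        if (expected == null || sent == null || !MessageDigest.isEqual( // constant-time compare
                expected.getBytes(StandardCharsets.UTF_8), sent.getBytes(StandardCharsets.UTF_8)))
            throw new FacesException("Missing or invalid form token");
    }
}
```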
