Hello all,
The HMAC passphrase as is, is identical no matter the form, the time, the
session.
It seems to only be generated based on the passphrase defined in your
AppModule.
I don't see how this protects against DoS attacks except the most blind
assault. Nor
does it protect against
The HMAC is used solely to ensure that form state stored on the client side
(t:formdata) hasn't been
tempered with. As such its current implementation is sufficient.
It is no protection against DOS (no cryptographic mechanism is) and no
protection against CSRF. For
CSRF protection there is a
Hi Uli,
Thanks for the response.
I checked out the CSRF protection module but am still interested in the
potential of using the HMAC passphrase
as a mechanism to protect against CSRF also. I've located ClientDataEncoder and
am interested in overriding
this in order to salt the HMAC with
Well I guess it could be, leveraging the Encrypted Token Pattern.
Uli
On 2013-11-06 10:07, Peter Hvass wrote:
Hi Uli,
Thanks for the response.
I checked out the CSRF protection module but am still interested in the
potential of using the HMAC passphrase
as a mechanism to protect
Dear Tapestry Developers / Users,
I have a question concerning partial HTML rendering without using zones using
5.4. Until alpha 24, the following code was working:
@Inject private Block page;
@Inject private Block modal;
public Object getActiveBlock() {
return request.isXHR() ? modal :
Hi, I'm new to Tapestry and have some problems using forms. I have the
following simple setup:
// my entity class
@Entity
public class User {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@NonVisual
public Long id;
@Validate(required)
public String firstName;
Hi all,
looking for a way to have session storage per context, e.g. 2 pages:
/profile/details/1
/profile/details/2
if work with both in different tabs session storage data obviously
clashing.
Any ideas how to make per-context session?
Thanks.
Hi Dmitriy,
What you've described is having a conversational scope.
Look at the tapestry-conversations module
http://tynamo.org/tapestry-conversations+guide. I think the guide is pretty
clear and you will have an easy time integrating it.
We use the module in multiple projects and it works very
Hi, The Greate Mewel! :)
On Wed, 06 Nov 2013 08:53:48 -0200, thegreatmewel
thegreatme...@gmail.com wrote:
// and my form
html t:type=layout title=Create Account
xmlns:t=http://tapestry.apache.org/schema/tapestry_5_3.xsd;
form t:type=form t:id=registerForm class=form-horizontal
On Wed, 06 Nov 2013 07:48:10 -0200, Thilo Tanner th...@dienststelle.ch
wrote:
Dear Tapestry Developers / Users,
Hi!
Does your page import stylesheets or JavaScript directly? Or through
components it uses? If the answers are no, you can disable the addition
of the core stack. Since
On Wed, 06 Nov 2013 09:36:58 -0200, Thiago H de Paula Figueiredo
thiag...@gmail.com wrote:
Since 5.4-alpha-24 you can actually have BeanEditForm and BeanEditor
generate the HTML you want through setting some configuration symbols. I
just didn't documented it yet. Later today I'll post an
On Wed, 06 Nov 2013 07:32:23 -0200, Ulrich Stärk u...@spielviel.de wrote:
Well I guess it could be, leveraging the Encrypted Token Pattern.
Agreed. JIRA please! ;)
Uli
On 2013-11-06 10:07, Peter Hvass wrote:
Hi Uli,
Thanks for the response.
I checked out the CSRF protection module
Hi everyone !
I was asking myself about event bubbling.
The actual philosophy is about trigger an event by the bubble up technic into
components, so the parents components/page could catch the event.
But if i want to trigger the event bubbling down , so my child components
could catch the
I can't currently think of an example. But there must be one.
*-*
*Muhammad Gelbana*
http://www.linkedin.com/in/mgelbana
On Mon, Nov 4, 2013 at 10:13 PM, Thiago H de Paula Figueiredo
thiag...@gmail.com wrote:
On Mon, 04 Nov 2013 17:49:05 -0200, Muhammad Gelbana
On Wed, 06 Nov 2013 11:55:25 -0200, Hottois Ludwig
ludwig.hott...@worldline.com wrote:
Hi everyone !
Hi!
I was asking myself about event bubbling.
The actual philosophy is about trigger an event by the bubble up technic
into components, so the parents components/page could catch the
Note, you can't bubble the event down using Environmental, but you can pass
EventContext or some other value through it and consume this value from
your child component on @AfterRender or some other event.
I use Publisher service in one of my projects for similar purposes
Thanks for your time :)
I haven't played a lot with @Environmental actually, i'm going to experiment
some tests :D
Have you some good examples or documentation about how to correctly use the
callbacks ? i've seen how the annotation @ActiveParameterRequest used it and it
looks like magic :)
Wow, your project looks cool :) but i can't really use it on my project :) i
just need a small thing.
I'm going to read more Eventcontext Documentation ;)
Thanks !
-Message d'origine-
De : Dmitry Gusev [mailto:dmitry.gu...@gmail.com]
Envoyé : mercredi 6 novembre 2013 15:48
À : Tapestry
On Wed, 06 Nov 2013 12:11:48 -0200, Muhammad Gelbana m.gelb...@gmail.com
wrote:
I can't currently think of an example. But there must be one.
What I can really think of an example now would be to treat one annotation
as if it was another, so you can, for example, use an annotation you
Hi Thiago, im overwhelmed, it works like a charm :). I just had to add
'class=form-horizontal' to my form. Thanks a lot!
On 11/06/13 13:26, Thiago H de Paula Figueiredo wrote:
On Wed, 06 Nov 2013 09:36:58 -0200, Thiago H de Paula Figueiredo
thiag...@gmail.com wrote:
Since 5.4-alpha-24 you
Any time someone wants to use the session, I always ask why. I avoid
session usage wherever possible. If there's no real need for it, I suggest
you keep your app stateless and use the page activation context / event
context to pass parameters.
On Wed, 06 Nov 2013 18:37:24 -0200, Lance Java lance.j...@googlemail.com
wrote:
Any time someone wants to use the session, I always ask why. I avoid
session usage wherever possible. If there's no real need for it, I
suggest you keep your app stateless and use the page activation context
/
On Wed, 06 Nov 2013 12:49:37 -0200, Hottois Ludwig
ludwig.hott...@worldline.com wrote:
Thanks for your time :)
:)
I haven't played a lot with @Environmental actually, i'm going to
experiment some tests :D
There's the Environment service and the @Environmental annotation that
makes it
Hi Tapestry Users,
Geoff - what a brilliant demo of tapestry's tree/zone/ajax goodness you
have at
http://jumpstart.doublenegative.com.au/jumpstart/examples/ajax/treefromdatabasewithzones
I ran into a couple of things that slowed my day yesterday, all in the
service layer - just relaying them
FYI you might be interested in this:
http://tapestry-stitch.uklance.cloudbees.net/databasetreedemo
25 matches
Mail list logo