Xavier Morel <[EMAIL PROTECTED]> writes: > > Jeppe Cramon wrote: > > Hi > > > > I agree with you. For field encryption we need per session encryption. > > > > /Jeppe > > > > Wouldn't seeding #encrypt with a randomly generated session attribute be > more than enough?
I don't think that would allow current "automatic" encryption during binding/conversion stage. But I do feel that not having a per session key will not fit all needs. Also, storing key in web.xml is somewhat risky. Can encryption be made plugable with access to action context? Working with Ajax I did encounter use case when I needed encrypted values of the same id to be the same for comparison. In this case current CryptoUtil was not useful. ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ Stripes-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/stripes-users
