Hi,

The topic was discussed in the following thread.
As Tim explained, some people didn't want a session to be created implicitly.
http://thread.gmane.org/gmane.comp.java.stripes.user/7251/focus=7251

--
I have been thinking about the issue...
If the 'encrypted' option of the @Validate annotation can take another value (e.g. 'session') that uses a per-session encryption key, most of our requirements would be satisfied.
Those who do not want to create a session can use encrypted = 'true' that uses the global encryption key.
This will break the backward compatibility, but could be worth considering for a major update.

// Iwao

on 09.5.13 9:41 PM Richard Hauswald said the following:
> After a quick look at the source code I figured out that there is no
> way to do that. I'm not sure if this is the right place to request
> this feature but I'll give it a try :-)
> Here is why I think I need this feature:
> According to the docs, the same passphrase is used to encrypt/decrypt
> values. So a user A will share the same key with user B (with different
> HTTP sessions). If user A gets an encrypted value (e.g. by sniffing) from
> user B, e.g. a database id, he can send it to stripes and stripes will
> decrypt it. This is IMHO a security problem.
>
> Any thoughts are well appreciated,
> Richard
>
> On Wed, May 13, 2009 at 12:07 PM, Richard Hauswald
> <[email protected]> wrote:
>> Hello list,
>> is there a way to get a different encryption key for each HTTP-Session?
>> Thanks,
>> Richard
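The difference between the global key and the per-session key discussed in this thread, as an added example that is not part of the original messages and is not Stripes code. AES-GCM from the JDK, the class name and the variables `global`, `keyA` and `keyB` are assumptions for illustration; `keyA` and `keyB` stand in for keys that would be stored in each user's HTTP session.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

// Hypothetical demo class; AES-GCM is a stand-in cipher, not the one Stripes uses.
public class PerSessionKeyDemo {
    static final SecureRandom RNG = new SecureRandom();

    static SecretKey newKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        return kg.generateKey();
    }

    // Token layout: 12-byte random IV || ciphertext+tag, URL-safe Base64.
    static String encrypt(SecretKey key, String plain) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getUrlEncoder().encodeToString(out);
    }

    static String decrypt(SecretKey key, String token) throws Exception {
        byte[] in = Base64.getUrlDecoder().decode(token);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
        return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        SecretKey global = newKey(), keyA = newKey(), keyB = newKey();
        // Global key: a value issued to user B still decrypts when user A submits it.
        String issuedToB = encrypt(global, "42"); // "42" is a constructed database id
        System.out.println("global key, submitted by A: " + decrypt(global, issuedToB));
        // Per-session key: the same value submitted under A's session fails the tag check.
        String boundToB = encrypt(keyB, "42");
        try {
            decrypt(keyA, boundToB);
        } catch (AEADBadTagException e) {
            System.out.println("per-session key, submitted by A: rejected");
        }
        System.out.println("per-session key, submitted by B: " + decrypt(keyB, boundToB));
    }
}
```

A per-session key only binds a value to the session it was issued in; it requires a session to exist, which is the trade-off raised in the reply above.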
