Jesse Kuhnert <jkuhnert <at> gmail.com> writes:

> 1) Provide a system/hivemind/whatever configurable property that specifies
> the sort of encryption scheme you'd like to use on these states...Could be
> none/base64/blowfish/md5/sha/etc....Then only people who need it have to
> take the performance hit.

I think this is not that simple: How to prevent replay attacks? If user=root is encrypted as "kedf82", nothing can prevent the user from copying and pasting it. Injecting some sort of state into the data may prevent replay attacks but will also defeat the whole purpose of client-side state (the back button).

--
Author of a book for learning Tapestry (http://www.agileskills2.org/EWDT)
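
The replay trade-off discussed in this message, as an added example that is not part of the original thread or of Tapestry's code. It assumes an HMAC tag in place of the encryption scheme (replay does not depend on confidentiality); `seal`, `open_state`, `SERVER_KEY` and the `_sid`/`_exp` fields are hypothetical names.

```python
import hashlib, hmac, json, time

SERVER_KEY = b"constructed-demo-key"  # assumption: secret known only to the server

def _tag(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def seal(state, session_id="", ttl=None, now=None):
    """Serialize state for the client; optionally bind it to a session and expiry."""
    body = dict(state, _sid=session_id)
    if ttl is not None:
        body["_exp"] = (time.time() if now is None else now) + ttl
    payload = json.dumps(body, sort_keys=True)
    return payload + "." + _tag(payload)

def open_state(token, session_id="", now=None, seen=None):
    """Return the state dict, or None if the token is rejected."""
    payload, _, tag = token.rpartition(".")
    if not hmac.compare_digest(tag.encode(), _tag(payload).encode()):
        return None                      # modified or forged
    body = json.loads(payload)
    if body["_sid"] != session_id:
        return None                      # copied into a different session
    now = time.time() if now is None else now
    if "_exp" in body and now > body["_exp"]:
        return None                      # older than the allowed window
    if seen is not None:                 # server-side one-time tracking
        if tag in seen:
            return None                  # replay, but also a back-button resubmit
        seen.add(tag)
    return {k: v for k, v in body.items() if not k.startswith("_")}
```

Without `seen`, a pasted copy of a valid token is accepted every time; with `seen`, the second submission is refused whether it is a replay or the back button. Binding to the session id and an expiry narrows where and how long a copy is accepted without the server tracking each token.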