yes there are. The state is on the client, and it might always be tampered with - in JSF 1.1 this state is only encoded, not encrypted, in JSF1.2 it will be encrypted as well. So you remain quite secure, but not completely secure ;)
regards, Martin On 9/1/05, CONNER, BRENDAN (SBCSI) <[EMAIL PROTECTED]> wrote: > One question I have about client-side state management: are there > increased security issues associated with this, relative to using > server-side state management? > > - Brendan > > -----Original Message----- > From: CONNER, BRENDAN (SBCSI) > Sent: Thursday, September 01, 2005 11:05 AM > To: 'MyFaces Discussion' > Subject: RE: using browser back button with MyFaces examples creates > problems.. > > > Client-side state management also seems to be necessary if one's > application uses JSF pop-up windows. With client-side state management, > pop-ups and back buttons appear to work fairly well. > > - Brendan > > -----Original Message----- > From: Mike Kienenberger [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 01, 2005 11:02 AM > To: MyFaces Discussion > Subject: Re: using browser back button with MyFaces examples creates > problems.. > > > The default server-side state management doesn't handle going back. > The upside is you can write your own StateManager to handle it :) > > Client-side state management should work with care so long as you're > not depending on any server-side state management (session-scoped > backing beans and the like). > > On 8/29/05, Rick Reumann <[EMAIL PROTECTED]> wrote: > > Example... > > > > Load up exmaples > > http://localhost:8080/myfaces-examples/home.jsf , click on > > examples --> components --> Master Detail example. > > > > click "Austria" > > > > use browser back button > > > > Select another menu option like "Selectboxes" > > > > use browser back button > > > > Click on Master Detail example ---> result ugly error:( > > > > -- > > Rick > -- http://www.irian.at Your JSF powerhouse - JSF Trainings in English and German
