Thank you so much!

Francisco

On 9/9/07, Cagatay Civici <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> - When using server side state saving, is it kept in the session?
>
>
> Yep
>
> - How does one use encryption for client-side state saving?
>
>
> http://wiki.apache.org/myfaces/Secure_Your_Application
>
> Regards,
>
> Cagatay
> Coast Guard
>
> On 9/9/07, Francisco Passos <[EMAIL PROTECTED]> wrote:
> >
> > Hello Martin.
> >
> > Thank you for your answer.
> >
> > It raises two more questions though, could you clarify these for me as well?
> >
> > - When using server side state saving, is it kept in the session?
> >
> > and
> >
> > - How does one use encryption for client-side state saving?
> >
> > Regards,
> > Francisco
> >
> > On 9/9/07, Martin Marinschek <[EMAIL PROTECTED]> wrote:
> > >
> > > Hi Francisco,
> > >
> > > do you use server side state saving? Then the value of t:saveState is
> > > not transferred to the client. Do you use client side state saving?
> > > Then you can switch on encryption for your state.
> > >
> > > regards,
> > >
> > > Martin
> > >
> > > On 9/9/07, Francisco Passos <[EMAIL PROTECTED]> wrote:
> > > > Hello all!
> > > >
> > > > I've been wondering how secure saveState actually is.
> > > > To what extent can we trust the values we get back from the client? Are they
> > > > ciphered with a server key so they can't be tampered with until they get
> > > > sent back to the server?
> > > >
> > > > Or should I assume a client can tamper with the serialized bean and change
> > > > its values? That would make me have to retrieve them again from a liable
> > > > source, thus beating the whole purpose of saveState.
> > > >
> > > > I'm an avid user of t:saveState, but I need to know what I can count on.
> > > >
> > > > Thank you,
> > > > Francisco Passos
> > > >
> > >
> > >
> > > --
> > >
> > > http://www.irian.at
> > >
> > > Your JSF powerhouse -
> > > JSF Consulting, Development and
> > > Courses in English and German
> > >
> > > Professional Support for Apache MyFaces
> > >
> >
> >
>
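
The property asked about at the start of this thread (state handed to the client under a server-held key, so that any change is detected when it comes back) is shown below as an added example. It is not part of the thread and not MyFaces code; the class and method names are hypothetical, the sample bean is constructed, and AES-GCM from the JDK stands in for whatever cipher a deployment configures.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.io.*;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;

public class SealedViewState {                           // hypothetical name
    // Serialize, then AES-GCM encrypt. Output: base64(nonce || ciphertext || tag).
    static String seal(Serializable state, SecretKey key) throws Exception {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(state); }
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);             // fresh nonce per response
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(bos.toByteArray());
        return Base64.getEncoder().encodeToString(
                ByteBuffer.allocate(nonce.length + ct.length).put(nonce).put(ct).array());
    }
    // The tag is checked inside doFinal, so nothing is deserialized unless it verifies.
    static Object open(String field, SecretKey key) throws Exception {
        byte[] raw = Base64.getDecoder().decode(field);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, raw, 0, 12));
        byte[] plain = c.doFinal(raw, 12, raw.length - 12);
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(plain))) {
            return ois.readObject();
        }
    }
    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey serverKey = kg.generateKey();          // never leaves the server
        HashMap<String, Object> bean = new HashMap<>();  // constructed sample state
        bean.put("accountId", 42);
        bean.put("role", "user");
        String hidden = seal(bean, serverKey);           // value of the hidden form field
        System.out.println("round trip: " + open(hidden, serverKey));
        byte[] raw = Base64.getDecoder().decode(hidden);
        raw[raw.length / 2] ^= 0x01;                     // one bit changed in transit
        try {
            open(Base64.getEncoder().encodeToString(raw), serverKey);
            System.out.println("tampered state accepted");
        } catch (AEADBadTagException e) {
            System.out.println("tampered state rejected");
        }
    }
}
```

Encryption that carries no integrity check hides the values but does not by itself guarantee that a modified blob is rejected, which is why the example uses an authenticated mode.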
