Hi, 

Thank you for this great work. It will be really useful.

I still have a question about the security of the T5/Acegi integration: the
"classic" solution that you used to perform strong authentication with Acegi
through T5 is to create a T5 LinkImpl object. You then give parameters (login
and password) to this link object to pass the request to Acegi.

The problem is that you are then able to see the login and password in clear
text in your server (Apache, Tomcat, ...) logs. Indeed, T5 uses a LinkImpl
object to perform a GET (and not a POST) to the server.

I am very annoyed with this security hole that I have encountered in my own
implementation of the T5/Acegi integration. I don't know of any correct and
elegant fix for this issue for now.

Did you experience this issue? Do you have any idea about it? Or maybe you
have already found a solution to fix it?

Regards, 

Baptiste



dalahoo wrote:
> 
> Hi all,
> 
> The latest release of my phone book application is available now.
> 
> In this release I used:
> 
>    - Tapestry 5.0.7 as a Web MVC framework.
>    - Acegi 1.0.5 as a Security System.
>    - Spring 2.5 as an Application framework.
>    - Spring JDBC for Data Access Layer.
>    - Hibernate 3.2.4 as an alternative for Data Access Layer.
>    - JPA (Hibernate Implementation) as another alternative for Data Access
>    Layer.
>    - HSQLDB 1.8.0.7 for application database.
> 
> Read more about the application configuration at
> http://code.google.com/p/shams/wiki/TASJHJ
> 
> You can download the source code for this release and previous releases from
> http://code.google.com/p/shams/
> 
> 
> -- 
> sincerely yours
> M. H. Shamsi
> 
> 

-- 
View this message in context: 
http://www.nabble.com/-T5--ANN----Tapestry%2BAcegi%2BSpring%2BJDBC%2BHibernate%2BJPA%2BHSQLDB-all-in-one-tp15017544p15018441.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
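
An added example, not part of the original message or of the phone book project: a small audit of access-log lines for the leak described above, flagging and redacting requests that carry login parameters in the query string. It assumes Common/Combined Log Format and Acegi's default parameter names `j_username` and `j_password`; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Assumption: Acegi's default form parameter names; extend for custom names.
SENSITIVE_PARAMS = {"j_username", "j_password"}

# Request portion of a Common/Combined Log Format line: "METHOD target PROTO"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')


def redact_target(target):
    """Return (redacted_target, leaked_param_names) for a request target."""
    parts = urlsplit(target)
    leaked = []
    pairs = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            leaked.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    if not leaked:
        return target, []  # leave clean targets byte-for-byte unchanged
    return urlunsplit(parts._replace(query=urlencode(pairs))), leaked


def audit_line(line):
    """Return (redacted_line, leaked_param_names); unchanged line if clean."""
    match = REQUEST_RE.search(line)
    if not match:
        return line, []
    # Any method is checked: the query string is logged for GET and POST alike.
    redacted, leaked = redact_target(match.group("target"))
    if not leaked:
        return line, []
    start, end = match.span("target")
    return line[:start] + redacted + line[end:], leaked


# Constructed sample access-log lines (not taken from any real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Jan/2008:10:01:02 +0100] "GET /app/j_acegi_security_check?j_username=alice&j_password=s3cret HTTP/1.1" 302 -',
    '192.0.2.10 - - [22/Jan/2008:10:01:03 +0100] "POST /app/j_acegi_security_check HTTP/1.1" 302 -',
    '192.0.2.11 - - [22/Jan/2008:10:02:00 +0100] "GET /app/contacts?page=2 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for raw in SAMPLE_LOG:
        clean, leaked = audit_line(raw)
        if leaked:
            print("LEAK", ",".join(leaked), "->", clean)
```

Any hit means the passwords involved are already on disk in clear text and should be rotated, and the log files themselves cleaned or access-restricted.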

