Use any long, random, private string of characters, just like you'd
use for a secure password or pass phrase.

From Wikipedia: "The cryptographic strength of the HMAC depends upon
the size of the secret key that is used. The most common attack
against HMACs is brute force to uncover the secret key."

If your app is not clustered (or is clustered, but uses sticky
sessions), you can just generate a random string:

        // Set a random HMAC key for form signing (not cluster safe)
        configuration.add(SymbolConstants.HMAC_PASSPHRASE,
                        new BigInteger(130, new SecureRandom()).toString(32));

Disclaimer: the assessment of the security implications of this is up
to you. I claim no particular expertise here.

On Fri, Oct 12, 2012 at 11:15 PM, angelochen <angelochen...@yahoo.com.hk> wrote:
> Hi,
>
> got this error when upgrading to 5.3.6, any sample to set this?
>
> ClientDataEncoder The symbol 'tapestry.hmac-passphrase' has not been
> configured.
>
> Thanks,
>
>
>
> --
> View this message in context: 
> http://tapestry.1045711.n5.nabble.com/hmac-sample-tp5716873.html
> Sent from the Tapestry - User mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
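
Why a per-node random key is "not cluster safe", as an added example that is not part of the original message or of Tapestry's code: a tag signed with one node's key fails verification on a node that generated its own key, while a shared secret verifies everywhere. HmacSHA256, the sample form data and the APP_HMAC_PASSPHRASE variable name are assumptions made for this demo.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class HmacClusterDemo {
    // Same generator as in the reply above: 130 random bits, printed in base 32.
    static String randomPassphrase() {
        return new BigInteger(130, new SecureRandom()).toString(32);
    }

    // HmacSHA256 is an assumption for this demo, not a statement about Tapestry internals.
    static byte[] sign(String passphrase, String formData) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(passphrase.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        return mac.doFinal(formData.getBytes(StandardCharsets.UTF_8));
    }

    // Recompute the tag locally and compare in constant time.
    static boolean verify(String passphrase, String formData, byte[] tag) throws Exception {
        return MessageDigest.isEqual(sign(passphrase, formData), tag);
    }

    public static void main(String[] args) throws Exception {
        String formData = "t:formdata=constructed-sample"; // constructed sample input

        // Two nodes that each generate their own key at startup.
        String nodeA = randomPassphrase();
        String nodeB = randomPassphrase();
        byte[] tag = sign(nodeA, formData);
        System.out.println("signed on A, verified on A: " + verify(nodeA, formData, tag));
        System.out.println("signed on A, verified on B: " + verify(nodeB, formData, tag));

        // Cluster-safe variant: every node reads one shared secret from its
        // deployment configuration (hypothetical environment variable name).
        String shared = System.getenv("APP_HMAC_PASSPHRASE");
        if (shared == null || shared.length() < 26) {
            // Demo fallback so the example runs; a real node should refuse to start.
            shared = randomPassphrase();
        }
        byte[] sharedTag = sign(shared, formData);
        System.out.println("shared key, any node:       " + verify(shared, formData, sharedTag));
    }
}
```

In a clustered deployment without sticky sessions, the value passed to SymbolConstants.HMAC_PASSPHRASE has to be the same secret on every node, supplied from configuration rather than generated at startup.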
