Re: View state- security

2008-04-21 Thread Scott O'Bryan
Kamal Parmar wrote: Hello People, I am a pen-tester so please bear with any lack of knowledge on my part ;) I am reviewing a MyFaces web application which appears to have very large values for View State being posted back. The View State, once base64 decoded and gunzipped, measures anywhere

View state- security

2008-04-19 Thread Kamal Parmar
Hello People, I am a pen-tester so please bear with any lack of knowledge on my part ;) I am reviewing a MyFaces web application which appears to have very large values for View State being posted back. The View State, once base64 decoded and gunzipped, measures anywhere between 2000 to an amazing

Re: View state- security

2008-04-19 Thread Andrew Robinson
Although technically feasible to jack the state, it is not easy. First, you have to make sure you reproduce the state in such a way that it restores correctly. There are other complications, but if you want client side state saving and are worried about hacking and spying, you could write your own

Re: View state- security

2008-04-19 Thread Glauco P. Gomes
This is currently available in MyFaces, see: http://wiki.apache.org/myfaces/Secure_Your_Application Glauco P. Gomes Andrew Robinson wrote: Although technically feasible to jack the state, it is not easy. First, you have to make sure you reproduce the state in such a way that it

Re: View state- security

2008-04-19 Thread parmaka
Thanks guys. That was very helpful. cheers K On Sun, Apr 20, 2008 at 12:14 AM, Glauco P. Gomes wrote: This is currently available in MyFaces, see: http://wiki.apache.org/myfaces/Secure_Your_Application Glauco P. Gomes Andrew Robinson wrote: Although technically