I've been emailing the authors of HDIV offline for some quite time. I take a
fond interest in data integrity and security, and believe their project is a
great benefit to Struts. The problem, of course, exists that S1 and S2 are
so radical in architecture that separate deliverables are required.
I think a framework SPI should be provided so that library implementors can
scramble form data (e.g., hidden form field values) and provide whatever
encryption necessary. The goal would be for this SPI to be honored in both
Struts 1.4 and latest Struts 2.x. This would be the start of a shared
library between Struts versions.
These are the current known extension points that the SPI would be invoked
for:
1. Form start point
2. Form end point
3. Link or form's action
4. Form's Parameters name
5. FoParameter's values
Where is the right place to whiteboard this idea? Email or MoinMoin? And is
anyone else interested in helping?
Paul
