What about integrating HDIV natively so Struts is as secure as it can
possibly be?
Matt
On Dec 5, 2007, at 11:08 PM, Paul Benedict wrote:
I've been emailing the authors of HDIV offline for some quite time.
I take a
fond interest in data integrity and security, and believe their
project is a
great benefit to Struts. The problem, of course, exists that S1 and
S2 are
so radical in architecture that separate deliverables are required.
I think a framework SPI should be provided so that library
implementors can
scramble form data (e.g., hidden form field values) and provide
whatever
encryption necessary. The goal would be for this SPI to be honored
in both
Struts 1.4 and latest Struts 2.x. This would be the start of a shared
library between Struts versions.
These are the current known extension points that the SPI would be
invoked
for:
1. Form start point
2. Form end point
3. Link or form's action
4. Form's Parameters name
5. FoParameter's values
Where is the right place to whiteboard this idea? Email or
MoinMoin? And is
anyone else interested in helping?
Paul
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]