Matt, I want to use HDIV natively in Struts 1 too -- which is why I was hoping for an SPI interface which anyone can provide for an implementation. What do you have in mind with "native" integration? And is your idea of integration also against an SPI?
Paul On Dec 6, 2007 10:18 AM, Matt Raible <[EMAIL PROTECTED]> wrote: > What about integrating HDIV natively so Struts is as secure as it can > possibly be? > > Matt > > On Dec 5, 2007, at 11:08 PM, Paul Benedict wrote: > > > I've been emailing the authors of HDIV offline for some quite time. > > I take a > > fond interest in data integrity and security, and believe their > > project is a > > great benefit to Struts. The problem, of course, exists that S1 and > > S2 are > > so radical in architecture that separate deliverables are required. > > > > I think a framework SPI should be provided so that library > > implementors can > > scramble form data (e.g., hidden form field values) and provide > > whatever > > encryption necessary. The goal would be for this SPI to be honored > > in both > > Struts 1.4 and latest Struts 2.x. This would be the start of a shared > > library between Struts versions. > > > > These are the current known extension points that the SPI would be > > invoked > > for: > > > > 1. Form start point > > 2. Form end point > > 3. Link or form's action > > 4. Form's Parameters name > > 5. FoParameter's values > > > > Where is the right place to whiteboard this idea? Email or > > MoinMoin? And is > > anyone else interested in helping? > > > > Paul > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
