Next question - what is our Crypto library of choice? On Wed, Jun 9, 2010 at 11:09 AM, Dan Allen <[email protected]> wrote:
> On Wed, Jun 9, 2010 at 11:06 AM, Lincoln Baxter, III < > [email protected]> wrote: > >> Yeah - Just saw that this morning. I'd like to see a way to implement this >> for ALL pages, not requiring a custom tag. I believe this could be done >> easily using the PreRenderViewEvent to add a hidden form field to store the >> token in all outbound forms, then use a phase-listener after Restore_View, >> comparing the request parameter to the restored component value. Very >> similar to the <s:token> component, but as a global solution that could be >> enabled/disabled via XML config. >> > > Global solution is good. In fact, it's even more secure since it solves the > "doh, I forgot to add the tag" security hole ;) > > -Dan > > -- > Dan Allen > Senior Software Engineer, Red Hat | Author of Seam in Action > Registered Linux User #231597 > > http://mojavelinux.com > http://mojavelinux.com/seaminaction > http://www.google.com/profiles/dan.j.allen > -- Lincoln Baxter, III http://ocpsoft.com http://scrumshark.com "Keep it Simple"
_______________________________________________ seam-dev mailing list [email protected] https://lists.jboss.org/mailman/listinfo/seam-dev
