implementation of 'tapestry.hmac-passphrase
i get this error message in log and in AlertManager (ClientDataEncoderImpl.java:61) - The symbol 'tapestry.hmac-passphrase' has not been configured. This is used to configure hash-based message authentication of Tapestry data stored in forms, or in the URL. You application is less secure, and more vulnerable to denial-of-service attacks, when this symbol is not configured. I wish to implement tapestry.hmac-passphrase Hope someone can tell me exactly what to do -- Pozdrav Nikola Vulovic
Re: implementation of 'tapestry.hmac-passphrase
This is the simplest form: configuration.add(SymbolConstants.HMAC_PASSPHRASE, abcdef); You can put in any kind of string, i.e. application password that does not change frequently. You can use random password generator to generate this string and just hardcode it. On Aug 3, 2013, at 11:59 AM, Nikola Vulovic wrote: i get this error message in log and in AlertManager (ClientDataEncoderImpl.java:61) - The symbol 'tapestry.hmac-passphrase' has not been configured. This is used to configure hash-based message authentication of Tapestry data stored in forms, or in the URL. You application is less secure, and more vulnerable to denial-of-service attacks, when this symbol is not configured. I wish to implement tapestry.hmac-passphrase Hope someone can tell me exactly what to do -- Pozdrav Nikola Vulovic - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: implementation of 'tapestry.hmac-passphrase
http://tapestry.apache.org/configuration.html#Configuration-tapestry.hmacpassphrase Hint: Don't change it once its set. On Aug 3, 2013 11:00 AM, Nikola Vulovic nivuk...@gmail.com wrote: i get this error message in log and in AlertManager (ClientDataEncoderImpl.java:61) - The symbol 'tapestry.hmac-passphrase' has not been configured. This is used to configure hash-based message authentication of Tapestry data stored in forms, or in the URL. You application is less secure, and more vulnerable to denial-of-service attacks, when this symbol is not configured. I wish to implement tapestry.hmac-passphrase Hope someone can tell me exactly what to do -- Pozdrav Nikola Vulovic
