Hi,
> Thank you for clarification. Using the secret mentioned in the below page
> would suffice or there is some mechanism to generate the SECRET ?
>
You must not use the keys specified on this page but generate your own
secret ones. An attacker using the same key can then produce a valid
ViewSt
Hi,
> Currently we are not in a position to update to 1.1.8 as the change would
> require a upgrade of legacy software.
>
> With just 1.1.5,based on the below, it has been mentioned that it is ok to
> use "Server" for state saving. Based on this, can you clarify that
> encryption is not required
ement mechanism in future JSF spec versions. Unfortunately CDI
seems very much ill-suited in this scenario. What is MyFaces' position
on supporting non-CDI environments? What especially concerns me is that,
at some point, context management might be externalized into CDI.
with best regards
Mori
3 matches
Mail list logo