Sorry, I should have been more specific, the Java BasicSecurityToken should not be used. The BlobCrypterSecurityToken is the equivalent in Java of turning the plaintext token off in PHP, the systems are just configured differently. In Java you use Guice to do it. aes128 is plenty strong enough. On Thu, Mar 12, 2009 at 11:53 PM, Attila Nagy <[email protected]>wrote:
> Luis, Chris, > > On Thu, Mar 12, 2009 at 5:39 PM, Louis Ryan <[email protected]> wrote: > > The BasicSecurityToken class used in the Shindig samples should not be > used in real life. > > What's the case for this in php-shindig? As I see, the php > implementation does aes128 encryption when plaintext token is turned > off. What are the concerns about this token class? > > -- > Nagy Attila Gabor >
