That makes perfect sense and you're right, it doesn't work. Thanks anyhow,
I now know to stop wasting time trying to make the impossible happen.
On Thu, Feb 23, 2012 at 12:09 AM, Mike McNally <[email protected]> wrote:
> Stripes doesn't include a client-side (JavaScript) companion framework. It
> can encrypt a hidden field when its value is prepared *at the server*. It
> cannot do *anything* to any field values once the page resides in the
> client web browser.
>
> If you need security for field values, the right thing to do is use HTTPS
> (TLS).
>
> (Some Stripes person can chime in if I'm wrong, but I'll be pretty
> stunned.)
>
>
>
> On Wed, Feb 22, 2012 at 10:05 AM, Ankur Sharda <[email protected]>wrote:
>
>> Thanks Mike, yes it's a text field.
>>
>> So I think what I will do is use jQuery to populate a hidden field based
>> on the contents of a text field (so that the user interaction remains as
>> people would expect).
>>
>> Is there are "theoretical" reason why a text field's contents can't be
>> encrypted, or is it just something that hasn't been implemented.
>>
>> Thanks for your help
>>
>>
>> On Thu, Feb 23, 2012 at 12:00 AM, Mike McNally <[email protected]>wrote:
>>
>>> What does your JSP look like? If the field is an ordinary "text" input
>>> field, there's nothing Stripes can do to encrypt the value. If you drop
>>> the property in a <stripes:hidden> field, however, the tag can make sure
>>> that the value is encrypted.
>>>
>>>
>>> On Wed, Feb 22, 2012 at 9:52 AM, Ankur Sharda
>>> <[email protected]>wrote:
>>>
>>>> Hi,
>>>>
>>>> I tried to use the @Validate(encrypted=true) annotation, but it didn't
>>>> seem to do anything.
>>>>
>>>> My understanding is that all I need to do is add this annotation
>>>> above/next to a variable and when it is sent to the ActionBean it is
>>>> encrypted (and then decrypted). I changed my form's method to GET so I
>>>> could more easily show the values and it's quite clear that they aren't
>>>> being encrypted.
>>>>
>>>> My ActionBean looks like this:
>>>>
>>>> public class LoginActionBean extends OrderActionBean{
>>>>
>>>> @Validate(encrypted=true)
>>>> String garbage;
>>>> Account account;
>>>>
>>>> // ... getters & setters and class code here
>>>>
>>>> }
>>>>
>>>> The Account.java looks like
>>>>
>>>> public class Account{
>>>>
>>>> @Id ObjectId id;
>>>> String username;
>>>> String password;
>>>> boolean loggedIn;
>>>>
>>>> // getters, setters and other methods here
>>>>
>>>> }
>>>>
>>>> When I look in Firebug I see this
>>>>
>>>> __fpkgDCepNG-aU=_sourcePage
>>>> ZtAJgTlif_wM4ldzc1Gq7FhGO6IERk99Rga0aY5xTto=account.password1234
>>>> account.usernamemangiare garbagesome nonsenseloginRestaurant Login
>>>>
>>>> and the query string of the next page looks like
>>>>
>>>>
>>>> http://localhost:8080/MindMySeat/login?garbage=some+nonsense&account.username=mangiare&account.password=1234&loginRestaurant=Login&_sourcePage=ZtAJgTlif_wM4ldzc1Gq7FhGO6IERk99Rga0aY5xTto%3D&__fp=kgDCepNG-aU%3D
>>>>
>>>> So I am assuming that the encryption process is not taking place
>>>> (unless the browser is making it invisible to me???).
>>>>
>>>> I can see three options:
>>>>
>>>> 1. I am wrong and encryption is taking place
>>>> 2. I am doing something wrong - I can provide more code if it would help
>>>> 3. There's a bug (I am using 1.5.6)
>>>>
>>>> Tx,
>>>> Ankur
>>>>
>>>> --
>>>> Ankur Sharda
>>>> E: [email protected]
>>>> M: 0421 311 106
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Virtualization & Cloud Management Using Capacity Planning
>>>> Cloud computing makes use of virtualization - but cloud computing
>>>> also focuses on allowing computing to be delivered as a service.
>>>> http://www.accelacomm.com/jaw/sfnl/114/51521223/
>>>> _______________________________________________
>>>> Stripes-users mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/stripes-users
>>>>
>>>>
>>>
>>>
>>> --
>>> Turtle, turtle, on the ground,
>>> Pink and shiny, turn around.
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Virtualization & Cloud Management Using Capacity Planning
>>> Cloud computing makes use of virtualization - but cloud computing
>>> also focuses on allowing computing to be delivered as a service.
>>> http://www.accelacomm.com/jaw/sfnl/114/51521223/
>>> _______________________________________________
>>> Stripes-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/stripes-users
>>>
>>>
>>
>>
>> --
>> Ankur Sharda
>> E: [email protected]
>> M: 0421 311 106
>>
>>
>> ------------------------------------------------------------------------------
>> Virtualization & Cloud Management Using Capacity Planning
>> Cloud computing makes use of virtualization - but cloud computing
>> also focuses on allowing computing to be delivered as a service.
>> http://www.accelacomm.com/jaw/sfnl/114/51521223/
>> _______________________________________________
>> Stripes-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/stripes-users
>>
>>
>
>
> --
> Turtle, turtle, on the ground,
> Pink and shiny, turn around.
>
>
> ------------------------------------------------------------------------------
> Virtualization & Cloud Management Using Capacity Planning
> Cloud computing makes use of virtualization - but cloud computing
> also focuses on allowing computing to be delivered as a service.
> http://www.accelacomm.com/jaw/sfnl/114/51521223/
> _______________________________________________
> Stripes-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/stripes-users
>
>
--
Ankur Sharda
E: [email protected]
M: 0421 311 106
------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/
_______________________________________________
Stripes-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-users
