On Fri, 26 Mar 2010 14:38:38 -0300, Josh Canfield <joshcanfi...@gmail.com> wrote:

I am currently trying to decorate the encoder parameter of the Select component
(at least every component that has an encoder parameter) to apply an
indirection on the client value (see OWASP rule A4).

This seems like a wide net... Have you considered using a different
type for the ids that you want obfuscated?

Or implementing the obfuscation logic inside the ValueEncoder? This interface is exactly where Tapestry expects you to do any conversion between an object and the string representation of it used inside a URL or HTML page. That's the simplest and most reusable solution I can think of. Another one would be the decoration of ValueEncoderSource.

--
Thiago H. de Paula Figueiredo
Independent Java, Apache Tapestry 5 and Hibernate consultant, developer, and instructor
Owner, software architect and developer, Ars Machina Tecnologia da Informação Ltda.
http://www.arsmachina.com.br
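
One way to put the indirection inside a ValueEncoder, as suggested in the reply above. This is an added example, not code from the thread or from Tapestry; the class name `IndirectReferenceEncoder` is hypothetical, and it assumes one instance is kept per user session.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.tapestry5.ValueEncoder;

// Hypothetical wrapper (not part of Tapestry): swaps the string a delegate encoder
// would expose for a random token. Assumes one instance per user session.
public class IndirectReferenceEncoder<V> implements ValueEncoder<V> {

    private static final SecureRandom RANDOM = new SecureRandom();

    private final ValueEncoder<V> delegate;
    private final Map<String, String> tokenByReal = new ConcurrentHashMap<>();
    private final Map<String, String> realByToken = new ConcurrentHashMap<>();

    public IndirectReferenceEncoder(ValueEncoder<V> delegate) {
        this.delegate = delegate;
    }

    @Override
    public String toClient(V value) {
        String real = delegate.toClient(value);
        if (real == null) return null;
        // Reuse the token already issued for this value so re-rendered pages stay stable.
        return tokenByReal.computeIfAbsent(real, r -> {
            String token = newToken();
            realByToken.put(token, r);
            return token;
        });
    }

    @Override
    public V toValue(String clientValue) {
        if (clientValue == null) return null;
        // Only tokens issued by this instance resolve; a guessed or tampered
        // value never reaches the delegate encoder.
        String real = realByToken.get(clientValue);
        return real == null ? null : delegate.toValue(real);
    }

    private static String newToken() {
        byte[] bytes = new byte[16]; // 128 random bits per token
        RANDOM.nextBytes(bytes);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
    }
}
```

The maps grow with every distinct value rendered, so the instance should be discarded together with the session. The indirection hides the real identifiers; it does not replace an access check on the object that `toValue` returns.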
