Actually I do it at the very end of the chain and manipulate only the string. The work is done at link encoding and decoding.

On 26 March 2010 at 22:16, Josh Canfield <joshcanfi...@gmail.com> wrote:

:) Thanks. I understood that it could be done but I'm curious how you
use it for an event link?

Do you contribute to ValueEncoderSource an encoder for Long.class and
just obfuscate all Longs?

Josh

On Fri, Mar 26, 2010 at 1:57 PM, Christophe Cordenier
<christophe.corden...@gmail.com> wrote:
Hi
I have used value encoder for select component and component event link
encoder/decoder service for context (action and event)

Best regards
On 26 March 2010 at 21:44, Josh Canfield <joshcanfi...@gmail.com> wrote:

Or implementing the obfuscation logic inside the ValueEncoder? This
interface is exactly where Tapestry expects you to do any conversion between an object and the string representation of it used inside a URL or HTML page.

Hmm... how do you provide a ValueEncoder in an event or page link?


On Fri, Mar 26, 2010 at 10:58 AM, Thiago H. de Paula Figueiredo
<thiag...@gmail.com> wrote:

On Fri, 26 Mar 2010 14:38:38 -0300, Josh Canfield
<joshcanfi...@gmail.com>
wrote:

I am currently trying to decorate the encoder parameter of Select
component
(at least every component that has an encoder parameter) to apply an
indirection on the client value (see OWASP rule A4)

This seems like a wide net... Have you considered using a different
type for the ids that you want obfuscated?

Or implementing the obfuscation logic inside the ValueEncoder? This
interface is exactly where Tapestry expects you to do any conversion between an object and the string representation of it used inside a URL or HTML page. That's the simplest and most reusable solution I can think of. Another one
would be the decoration of ValueEncoderSource.

--
Thiago H. de Paula Figueiredo
Independent Java, Apache Tapestry 5 and Hibernate consultant, developer, and instructor
Owner, software architect and developer, Ars Machina Tecnologia da Informação Ltda.
http://www.arsmachina.com.br

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org





--
--
http://www.bodylabgym.com - a private, by appointment only, one-on-one
health and fitness facility.
--
http://www.ectransition.com - Quality Electronic Cigarettes at a
reasonable price!
--
TheDailyTube.com. Sign up and get the best new videos on the internet
delivered fresh to your inbox.

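The indirection discussed in this thread, sketched as an added example that is not code from any of the posters or from Tapestry itself: an encoder that hands the client a random token instead of the real `Long` id and accepts back only tokens it issued. The `ValueEncoder` interface here is a local stand-in with the same two methods as Tapestry's `org.apache.tapestry5.ValueEncoder`, and `IndirectLongEncoder` is a hypothetical name; the sketch assumes one instance is held per user session.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Local stand-in mirroring the two methods of org.apache.tapestry5.ValueEncoder,
// declared here so the example compiles without Tapestry on the classpath.
interface ValueEncoder<V> {
    String toClient(V value);
    V toValue(String clientValue);
}

// Hypothetical encoder: assumed to be created once per user session, so a
// token issued to one user resolves to nothing in another user's session.
final class IndirectLongEncoder implements ValueEncoder<Long> {
    private static final SecureRandom RANDOM = new SecureRandom();
    private final Map<Long, String> tokenById = new ConcurrentHashMap<>();
    private final Map<String, Long> idByToken = new ConcurrentHashMap<>();

    @Override
    public String toClient(Long id) {
        // Reuse the token already issued for this id so rendered links stay stable.
        return tokenById.computeIfAbsent(id, key -> {
            byte[] raw = new byte[16];
            RANDOM.nextBytes(raw);
            String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            idByToken.put(token, key);
            return token;
        });
    }

    @Override
    public Long toValue(String clientValue) {
        // Only tokens this encoder issued are accepted; a guessed or raw id is rejected.
        Long id = clientValue == null ? null : idByToken.get(clientValue);
        if (id == null) throw new IllegalArgumentException("unknown reference");
        return id;
    }

    public static void main(String[] args) {
        IndirectLongEncoder encoder = new IndirectLongEncoder();
        String token = encoder.toClient(42L); // 42 is a constructed sample id
        System.out.println(token + " -> " + encoder.toValue(token));
        try {
            encoder.toValue("42"); // the raw database id was never issued as a token
        } catch (IllegalArgumentException e) {
            System.out.println("raw id rejected: " + e.getMessage());
        }
    }
}
```

The token map hides the real ids from the client; the server-side access check on the decoded id is still needed.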