Re: hmac sample

2012-10-17 Thread Howard Lewis Ship
On Wed, Oct 17, 2012 at 7:11 AM, Bob Harner wrote:
> I think Mike is talking more about the session state that comes from the apps themselves, not how Tapestry stores its own bookkeeping data. My guess is that the vast majority of real-world Tapestry apps have considerable session state (mos

Re: hmac sample

2012-10-17 Thread Bob Harner
I think Mike is talking more about the session state that comes from the apps themselves, not how Tapestry stores its own bookkeeping data. My guess is that the vast majority of real-world Tapestry apps have considerable session state (mostly from over-use of @Persist, @SessionState and @SessionAtt

Re: hmac sample

2012-10-15 Thread Howard Lewis Ship
On Mon, Oct 15, 2012 at 8:11 AM, Michael Gentry wrote:
> Hi Howard,
>
> If your application requires session state to function, it would error out regardless. Perhaps the random approach is better for session-heavy applications and the fixed/stable approach is better for session-free applic

Re: hmac sample

2012-10-15 Thread Michael Gentry
Hi Howard, If your application requires session state to function, it would error out regardless. Perhaps the random approach is better for session-heavy applications and the fixed/stable approach is better for session-free applications? Thanks, mrg On Sun, Oct 14, 2012 at 1:39 PM, Howard Lew

Re: hmac sample

2012-10-14 Thread Howard Lewis Ship
On Sat, Oct 13, 2012 at 4:22 AM, Bob Harner wrote:
> Use any long, random, private string of characters, just like you'd use for a secure password or pass phrase.
>
> From Wikipedia: "The cryptographic strength of the HMAC depends upon the size of the secret key that is used. The most common a

Re: hmac sample

2012-10-13 Thread bhorvat
cool tnx for the tip. cheers

Re: hmac sample

2012-10-13 Thread Bob Harner
There is no "best" value. Just make up some fixed string of, oh, 25 to 50 characters. It doesn't matter what characters you use, as long as they are unpredictable. As I said in my previous post, only generate a random string programmatically if you are not clustering your app on multiple servers.

Re: hmac sample

2012-10-13 Thread bhorvat
I have run into the same problem. Does someone from the Tapestry dev team have any suggestion about the best value for this (now mandatory) field? Also, if we put the value to be random as suggested above, is it not possible that 2 applications that run on different hosts and thus will generate it di

Re: hmac sample

2012-10-13 Thread Bob Harner
Use any long, random, private string of characters, just like you'd use for a secure password or pass phrase. From Wikipedia: "The cryptographic strength of the HMAC depends upon the size of the secret key that is used. The most common attack against HMACs is brute force to uncover the secret key