HMAC Passphrase Could Be Much More Useful - Correct Me If I'm Wrong

2013-11-06 Thread Peter Hvass
Hello all, The HMAC passphrase as is, is identical no matter the form, the time, the session. It seems to only be generated based on the passphrase defined in your AppModule. I don't see how this protects against DoS attacks except the most blind assault. Nor does it protect against CSRF

Re: HMAC Passphrase Could Be Much More Useful - Correct Me If I'm Wrong

2013-11-06 Thread Ulrich Stärk
The HMAC is used solely to ensure that form state stored on the client side (t:formdata) hasn't been tampered with. As such its current implementation is sufficient. It is no protection against DOS (no cryptographic mechanism is) and no protection against CSRF. For CSRF protection there is a mod

Re: HMAC Passphrase Could Be Much More Useful - Correct Me If I'm Wrong

2013-11-06 Thread Peter Hvass
Hi Uli, Thanks for the response. I checked out the CSRF protection module but am still interested in the potential of using the HMAC passphrase as a mechanism to protect against CSRF also. I've located ClientDataEncoder and am interested in overriding this in order to salt the HMAC with JSESS

Re: HMAC Passphrase Could Be Much More Useful - Correct Me If I'm Wrong

2013-11-06 Thread Ulrich Stärk
Well I guess it could be, leveraging the Encrypted Token Pattern. Uli On 2013-11-06 10:07, Peter Hvass wrote: > Hi Uli, > > > Thanks for the response. > > > I checked out the CSRF protection module but am still interested in the > potential of using the HMAC passphrase > as a mechanism to

[5.4] Render Partial HTML Pages

2013-11-06 Thread Thilo Tanner
Dear Tapestry Developers / Users, I have a question concerning partial HTML rendering without using zones using 5.4. Until alpha 24, the following code was working: @Inject private Block page; @Inject private Block modal; public Object getActiveBlock() { return request.isXHR() ? modal : pa

POJO's in Forms

2013-11-06 Thread thegreatmewel
Hi, I'm new to Tapestry and have some problems using forms. I have the following simple setup: // my entity class @Entity public class User { @Id @GeneratedValue(strategy = GenerationType.IDENTITY) @NonVisual public Long id; @Validate("required") public String firstName

T5.3: per page context session storage?

2013-11-06 Thread Dmitriy Vsekhvalnov
Hi all, looking for a way to have session storage per context, e.g. 2 pages: /profile/details/1 /profile/details/2. If I work with both in different tabs, the session storage data obviously clashes. Any ideas how to make a per-context session? Thanks.

Re: T5.3: per page context session storage?

2013-11-06 Thread Dragan Sahpaski
Hi Dmitriy, What you've described is having a conversational scope. Look at the tapestry-conversations module http://tynamo.org/tapestry-conversations+guide. I think the guide is pretty clear and you will have an easy time integrating it. We use the module in multiple projects and it works very wel

Re: POJO's in Forms

2013-11-06 Thread Thiago H de Paula Figueiredo
Hi, The Greate Mewel! :) On Wed, 06 Nov 2013 08:53:48 -0200, thegreatmewel wrote: // and my form http://tapestry.apache.org/schema/tapestry_5_3.xsd";> t:validate="required" class="form-control" /> As you see I liked to use bootstrap and

Re: [5.4] Render Partial HTML Pages

2013-11-06 Thread Thiago H de Paula Figueiredo
On Wed, 06 Nov 2013 07:48:10 -0200, Thilo Tanner wrote: Dear Tapestry Developers / Users, Hi! Does your page import stylesheets or JavaScript directly? Or through components it uses? If the answers are "no", you can disable the addition of the core stack. Since alpha 24, there's a symb

Re: POJO's in Forms

2013-11-06 Thread Thiago H de Paula Figueiredo
On Wed, 06 Nov 2013 09:36:58 -0200, Thiago H de Paula Figueiredo wrote: Since 5.4-alpha-24 you can actually have BeanEditForm and BeanEditor generate the HTML you want through setting some configuration symbols. I just haven't documented it yet. Later today I'll post an example. 5.4-alpha

Re: HMAC Passphrase Could Be Much More Useful - Correct Me If I'm Wrong

2013-11-06 Thread Thiago H de Paula Figueiredo
On Wed, 06 Nov 2013 07:32:23 -0200, Ulrich Stärk wrote: Well I guess it could be, leveraging the Encrypted Token Pattern. Agreed. JIRA please! ;) Uli On 2013-11-06 10:07, Peter Hvass wrote: Hi Uli, Thanks for the response. I checked out the CSRF protection module but am still interes

[T5.3] Philosophy of bubbling up, but how drop to the components ?

2013-11-06 Thread Hottois Ludwig
Hi everyone! I was asking myself about event bubbling. The actual philosophy is about triggering an event by the bubble-up technique into components, so the parent components/page could catch the event. But if I want to trigger the event bubbling < down >, so my child components could catch the

Re: Using stereotype annotations

2013-11-06 Thread Muhammad Gelbana
I can't currently think of an example. But there must be one. *-* *Muhammad Gelbana* http://www.linkedin.com/in/mgelbana On Mon, Nov 4, 2013 at 10:13 PM, Thiago H de Paula Figueiredo < thiag...@gmail.com> wrote: > On Mon, 04 Nov 2013 17:49:05 -0200, Muhammad Gelbana > wrote

Re: [T5.3] Philosophy of bubbling up, but how drop to the components ?

2013-11-06 Thread Thiago H de Paula Figueiredo
On Wed, 06 Nov 2013 11:55:25 -0200, Hottois Ludwig wrote: Hi everyone! Hi! I was asking myself about event bubbling. The actual philosophy is about triggering an event by the bubble-up technique into components, so the parent components/page could catch the event. But if I want to trigg

Re: [T5.3] Philosophy of bubbling up, but how drop to the components ?

2013-11-06 Thread Dmitry Gusev
Note, you can't bubble the event down using Environmental, but you can pass EventContext or some other value through it and consume this value from your child component on @AfterRender or some other event. I use Publisher service in one of my projects for similar purposes https://github.com/anjla

RE: [T5.3] Philosophy of bubbling up, but how drop to the components ?

2013-11-06 Thread Hottois Ludwig
Thanks for your time :) I haven't played a lot with @Environmental actually, I'm going to experiment with some tests :D Do you have some good examples or documentation about how to correctly use the callbacks? I've seen how the annotation @ActiveParameterRequest used it and it looks like magic :) Yo

RE: [T5.3] Philosophy of bubbling up, but how drop to the components ?

2013-11-06 Thread Hottois Ludwig
Wow, your project looks cool :) but I can't really use it on my project :) I just need a small thing. I'm going to read more Eventcontext Documentation ;) Thanks! -Original Message- From: Dmitry Gusev [mailto:dmitry.gu...@gmail.com] Sent: Wednesday, 6 November 2013 15:48 To: Tapestry

Re: Using stereotype annotations

2013-11-06 Thread Thiago H de Paula Figueiredo
On Wed, 06 Nov 2013 12:11:48 -0200, Muhammad Gelbana wrote: I can't currently think of an example. But there must be one. What I can really think of an example now would be to treat one annotation as if it was another, so you can, for example, use an annotation you wrote inside your pro

Re: POJO's in Forms

2013-11-06 Thread thegreatmewel
Hi Thiago, I'm overwhelmed, it works like a charm :). I just had to add 'class="form-horizontal"' to my form. Thanks a lot! On 11/06/13 13:26, Thiago H de Paula Figueiredo wrote: On Wed, 06 Nov 2013 09:36:58 -0200, Thiago H de Paula Figueiredo wrote: Since 5.4-alpha-24 you can actually have B

Re: T5.3: per page context session storage?

2013-11-06 Thread Lance Java
Any time someone wants to use the session, I always ask why. I avoid session usage wherever possible. If there's no real need for it, I suggest you keep your app stateless and use the page activation context / event context to pass parameters.

Re: POJO's in Forms

2013-11-06 Thread Thiago H de Paula Figueiredo
On Wed, 06 Nov 2013 18:21:04 -0200, thegreatmewel wrote: Hi Thiago, I'm overwhelmed, it works like a charm :). I just had to add 'class="form-horizontal"' to my form. Thanks a lot! Are you using 5.4-alpha-24? Nice to know someone is using one of my rare (so far!) commits and it's working

Re: T5.3: per page context session storage?

2013-11-06 Thread Thiago H de Paula Figueiredo
On Wed, 06 Nov 2013 18:37:24 -0200, Lance Java wrote: Any time someone wants to use the session, I always ask why. I avoid session usage wherever possible. If there's no real need for it, I suggest you keep your app stateless and use the page activation context / event context to pass pa

Re: [T5.3] Philosophy of bubbling up, but how drop to the components ?

2013-11-06 Thread Thiago H de Paula Figueiredo
On Wed, 06 Nov 2013 12:49:37 -0200, Hottois Ludwig wrote: Thanks for your time :) :) I haven't played a lot with @Environmental actually, I'm going to experiment with some tests :D There's the Environment service and the @Environmental annotation that makes it easy to get stuff from the s

Tree, jumpstart tree from database and zone demo

2013-11-06 Thread Chris Mylonas
Hi Tapestry Users, Geoff - what a brilliant demo of tapestry's tree/zone/ajax goodness you have at http://jumpstart.doublenegative.com.au/jumpstart/examples/ajax/treefromdatabasewithzones I ran into a couple of things that slowed my day yesterday, all in the service layer - just relaying them he

Re: Tree, jumpstart tree from database and zone demo

2013-11-06 Thread Lance Java
FYI you might be interested in this: http://tapestry-stitch.uklance.cloudbees.net/databasetreedemo