Error message is "The symbol 'tapestry.hmac-passphrase' has not been configured. This is used to configure hash-based message authentication of Tapestry data stored in forms, or in the URL. You application is less secure, and more vulnerable to denial-of-service attacks, when this symbol is not configured. "
We just want to get rid of the above message. If we add the following (copied from one of the user's reply at http://tapestry.1045711.n5.nabble.com/hmac-sample-td5716873.html - configuration.add(SymbolConstants.HMAC_PASSPHRASE, new BigInteger(130, new SecureRandom()).toString(32)); The session timeout frequentlly, as soon as less than 1 minute with error message like your HMAC id is different from whatever, which is not helpfui as the users are still working on the form. We need to fill out a lot of information in the HTML form, before submitting :) -- View this message in context: http://tapestry.1045711.n5.nabble.com/Disabling-HMAC-check-tp5718156p5718163.html Sent from the Tapestry - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
