[JBoss JIRA] Resolved: (RFPL-72) Discuss security issues of client-side "execute" set definition

Thursday, 14 April 2011

     [
https://issues.jboss.org/browse/RFPL-72?page=com.atlassian.jira.plugin.sy...
]

Nick Belaevski resolved RFPL-72.
--------------------------------

    Resolution: Done

After discussion with Ilya we've decided that JSF standard approach is not very safe
and should not be supported. 

Furthermore, support of client-side 'execute' definition is not necessary for
RichFaces components. Users can use f:ajax any time they need this thing.

...
 Discuss security issues of client-side "execute" set
definition
 ---------------------------------------------------------------

                 Key: RFPL-72
                 URL: https://issues.jboss.org/browse/RFPL-72
             Project: RichFaces Planning
          Issue Type: Task
      Security Level: Public(Everyone can see) 
    Affects Versions: 4.0.0.ALPHA1
            Reporter: Nick Belaevski
            Assignee: Nick Belaevski
              Labels: design, tran
             Fix For: 4.Future

 JSF 2 allows specification of 'execute' and 'render' via request
parameters. We use different approach, but need to discuss whether it is safe enough for
our components to be supported. 
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009