[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-1137) Potentially large security hole in Seam Captcha implementation
by Ian Hlavats (JIRA)
Potentially large security hole in Seam Captcha implementation
--------------------------------------------------------------
Key: JBSEAM-1137
URL: http://jira.jboss.com/jira/browse/JBSEAM-1137
Project: JBoss Seam
Issue Type: Bug
Components: Security
Affects Versions: 1.2.0.GA
Environment: Any
Reporter: Ian Hlavats
I have been experiencing "holes" in the Seam captcha integration recently.
The Seam documentation (section 21.1.1) recommends client-side state saving for JSF.
The following scenario should point out a potential security issue with this approach.
Suppose I have a JSF page with a typical user comment form on it that does not use Seam's captcha component.
Now a malicious user scrapes my JSF page and stores a local copy on his computer, serialized UI component tree and all.
In the meantime, I add Seam's captcha component to my JSF page, trusting it to cause a validation error when the form is submitted without the correct captcha text.
Can the malicious user now submit the previous copy of my form without the captcha component in the tree?
I am using the MyFaces 1.1.4 JSF implementation.
Thanks.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
17 years, 4 months
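A model of the scenario in the report above, as an added example that is not part of the original message and is not Seam or MyFaces code: it shows that a MAC on client-held state proves only that the server once issued it, so a copy saved before the captcha was added still verifies unless the state is also bound to the current page definition. The key, view id, component names and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key"  # assumption: a secret held only by the server

def view_fingerprint(component_ids):
    """Hash of the component list the server defines for a view."""
    return hashlib.sha256("\n".join(component_ids).encode()).hexdigest()

def issue_state(view_id, component_ids):
    """Serialize the tree for the client and attach an HMAC tag."""
    body = json.dumps({"view": view_id, "components": component_ids,
                       "fp": view_fingerprint(component_ids)}, sort_keys=True)
    tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return body, tag

def restore_state(body, tag, current_views):
    """Return (ok, reason); current_views maps view id -> components defined now."""
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False, "bad-mac"        # modified or forged on the client
    state = json.loads(body)
    current = current_views.get(state["view"])
    if current is None:
        return False, "unknown-view"
    if state["fp"] != view_fingerprint(current):
        return False, "stale-view"     # authentic, but issued for an older page definition
    return True, "ok"

# Constructed sample: the comment form before and after the captcha was added.
OLD_FORM = ["commentForm", "commentText", "submit"]
NEW_FORM = ["commentForm", "commentText", "captcha", "submit"]

def demo():
    saved_body, saved_tag = issue_state("/comment.xhtml", OLD_FORM)  # copy kept by a client
    deployed = {"/comment.xhtml": NEW_FORM}                           # server after the change
    fresh_body, fresh_tag = issue_state("/comment.xhtml", NEW_FORM)
    tampered = fresh_body.replace('"captcha", ', "")                  # captcha stripped by hand
    return {
        "saved_copy": restore_state(saved_body, saved_tag, deployed),
        "fresh_copy": restore_state(fresh_body, fresh_tag, deployed),
        "tampered": restore_state(tampered, fresh_tag, deployed),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Without the fingerprint comparison, the saved copy would pass the MAC check and be restored without the captcha component; enforcing the captcha in server-side logic that does not depend on the restored tree closes the same gap.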
[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-1588) Seam Component name "session" reserved keyword
by Christoph Aigner (JIRA)
Seam Component name "session" reserved keyword
----------------------------------------------
Key: JBSEAM-1588
URL: http://jira.jboss.com/jira/browse/JBSEAM-1588
Project: JBoss Seam
Issue Type: Bug
Affects Versions: 2.0.0.BETA1
Reporter: Christoph Aigner
Priority: Minor
After migrating from 1.2 to 2.0, Seam throws the following error:
java.lang.IllegalArgumentException: value of context variable is not an instance of the component bound to the context variable: session
The error occurs when I try to inject a class:
@Name("session")
@Scope(ScopeType.SESSION)
public class Session implements java.io.Serializable {
..
in:
@Stateless
@Name("remoting_desktop")
public class Desktop implements DesktopInterface {
@In(create=true,required=false) Session session;
..
worked with 1.2 as "session" is reserved
17 years, 5 months
[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-951) IDE support for "Seam Component" project view
by Christian Bauer (JIRA)
IDE support for "Seam Component" project view
---------------------------------------------
Key: JBSEAM-951
URL: http://jira.jboss.com/jira/browse/JBSEAM-951
Project: JBoss Seam
Issue Type: Feature Request
Components: Tools
Reporter: Christian Bauer
Assigned To: Max Andersen
In IntelliJ I can change the project navigator view to different scopes, a scope being a user-defined filter with a package name regex. This is not what I want; I want a project navigator display where the root folders are "Stateless", "Application", "Event", "Conversation", "Session", "Entities", and maybe "Other", and the second grouping is by package name (or whatever custom scope).
17 years, 5 months