[ http://jira.jboss.com/jira/browse/JBSEAM-2105?page=comments#action_12383121 ]
Marcus Adair commented on JBSEAM-2105:
--------------------------------------
I am actually realizing that while it's accurate to say that global increments on
conversation ids is a "security problem", the subtlety is that exploiting the
problem is not what people typically think of in terms of hackers finding ways to break in
or create problems, but rather is the leakage of private business data that could be
exploited at a strategic level by a competitor or some other external party.
I guess that's stating the obvious, but in case the subtlety is lost I figure it
doesn't hurt to point out explicitly where the danger is.
pluggable conversation id strategy
----------------------------------
Key: JBSEAM-2105
URL: http://jira.jboss.com/jira/browse/JBSEAM-2105
Project: JBoss Seam
Issue Type: Feature Request
Reporter: Norman Richards
Fix For: 2.0.1.GA
Attachments: patch_file
Conversation id generation should be managed by a component that can be overridden for
specific deployments. We might even consider providing a more interesting default (or
optional) strategy like a GUID.
--
This message is automatically generated by JIRA.