[jboss-user] [JBoss Seam] - Secure conversation IDs seem critical to maintaining request
gcomnz
do-not-reply at jboss.com
Tue Oct 16 14:36:45 EDT 2007
Huge ++ on making it easy to override conversation Ids.
The level of criticality is such that we'll have to make them secure regardless of whether we have to do it as a hack or are supported by a Seam feature.
I was actually hoping that conversation Ids would start fresh from 1 for each new session, since that's a completely acceptable solution as far as I can tell. But from testing it appears that Seam increments conversation Ids globally.
I'd be surprised if anyone with more than trivial apps (or blogs) really wants to have visibility into volume of conversation id's generated, there's just available for a competitor to read into that. So I'm guessing that a lot of developers just haven't thought about the implications enough yet otherwise there would likely be more requests for other options.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4095760#4095760
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4095760
More information about the jboss-user
mailing list