[jboss-user] [JBoss Seam] - Secure conversation IDs seem critical to maintaining request

gcomnz do-not-reply at jboss.com
Tue Oct 16 14:36:45 EDT 2007


Huge ++ on making it easy to override conversation Ids.

The level of criticality is such that we'll have to make them secure regardless of whether we have to do it as a hack or are supported by a Seam feature.

I was actually hoping that conversation Ids would start fresh from 1 for each new session, since that's a completely acceptable solution as far as I can tell. But from testing it appears that Seam increments conversation Ids globally.

I'd be surprised if anyone with more than trivial apps (or blogs) really wants to have visibility into volume of conversation id's generated, there's just available for a competitor to read into that. So I'm guessing that a lot of developers just haven't thought about the implications enough yet otherwise there would likely be more requests for other options.



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4095760#4095760

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4095760



More information about the jboss-user mailing list