[richfaces-planning-issues] [JBoss JIRA] Resolved: (RFPL-72) Discuss security issues of client-side "execute" set definition
Nick Belaevski (JIRA)
jira-events at lists.jboss.org
Thu Apr 14 09:39:33 EDT 2011
[ https://issues.jboss.org/browse/RFPL-72?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nick Belaevski resolved RFPL-72.
--------------------------------
Resolution: Done
After discussion with Ilya we've decided that JSF standard approach is not very safe and should not be supported.
Furthermore, support of client-side 'execute' definition is not necessary for RichFaces components. Users can use f:ajax any time they need this thing.
> Discuss security issues of client-side "execute" set definition
> ---------------------------------------------------------------
>
> Key: RFPL-72
> URL: https://issues.jboss.org/browse/RFPL-72
> Project: RichFaces Planning
> Issue Type: Task
> Security Level: Public(Everyone can see)
> Affects Versions: 4.0.0.ALPHA1
> Reporter: Nick Belaevski
> Assignee: Nick Belaevski
> Labels: design, tran
> Fix For: 4.Future
>
>
> JSF 2 allows specification of 'execute' and 'render' via request parameters. We use different approach, but need to discuss whether it is safe enough for our components to be supported.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the richfaces-planning-issues
mailing list