struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Craig McClanahan <craig...@gmail.com>
Subject Re: [shale] Feature idea
Date Thu, 20 Jan 2005 00:51:01 GMT
On Tue, 18 Jan 2005 18:29:57 -0500, Sean Schofield
<sean.schofield@gmail.com> wrote:
> I'm not sure what category to put this idea.  It really could be one
> of the following:
> 
> 1.) New feature to be in shale core
> 
> 2.) Custom add-on that I would plug into shale core (but keep for personal use)
> 
> 3.) Custom add-on for favorite JSF implmentation (MyFaces for instance).
> 

I think some combination of 2 and 3 is probably a winner here.

My feeling is that a framework like Shale should add value around JSF,
rather than duplicating what already exists.  In particular, the
responsibilities for state management (and corresponding overlaps with
view creation) are nicely abstracted in JSF's StateMannager and
ViewHandler APIs ... so one option would be to build your own
pluggable implementation that should (in theory) plug into any JSF
implementation (although the underlying implementation will need to be
careful about implied behavior linkages between its various components
for such an implementation to be truly portable).

Maybe there's room in the world for a project containing various
plugins to JSF, not just components?

> Basically I was thinking about the problem of having client-side JSF
> state sitting in your webpage as unencrypted byte text.  The
> persistent hacker could cause problems studying and modifying this
> state.
> 
> Craig's new <s:token> (which I love) will help.  Now the hacker will
> have to keep requesting a new page and examine the specific token for
> that request before submitting bogus info.
> 
> Anyways, I thought about adding some encryption features into the mix.
>  One option of course is to make this part of the StateHandler in the
> implementation.  Some of the new lifecycle concepts being introduced
> here in Shale also sound interesting though.
> 

This definitely seems like a direct plugin addon to JSF.  Besides
improving security, one could also think about value adds in other
dimensions (such as saving only deltas from the original component
tree in order to make the serialized data smaller).

> Any thoughts?
> 
> sean
> 


Craig

> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
> 
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
View raw message