struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Benedict <pbened...@apache.org>
Subject Re: Serializing the ValueStack on a redirect
Date Sun, 05 Aug 2012 15:17:20 GMT
Philip,

On Sun, Aug 5, 2012 at 1:42 AM, Philip Luppens <philip.luppens@gmail.com> wrote:
> On Sun, Aug 5, 2012 at 7:34 AM, Paul Benedict <pbenedict@apache.org> wrote:
>
>> I don't think this feature exists but it does in Tapestry (and
>> probably .NET). It should be possible to serialize the ValueStack on a
>> redirect, pass it as a 64-bit encoded key, and deserialize it. This
>> would facilitate greater Redirect-After-Post patterns that require
>> data points to still be active.
>>
>> Thoughts?
>>
>
> I find it an intriguing idea, but wouldn't it imply a serialisation of the
> entire object graph that is attached to your root object and hence a
> security risk by exposing certain variables?

Yes, you would have to serialize what's in the ValueStack. This would
be a given. However, a decent programmer should know what he is about
to do by enabling this kind of feature -- probably via a new
interceptor. With regards to security, the contents definitely require
encryption. Base64 encoding isn't stealth.

> Isn't this something that is already possible with the 'flash' scope? Or
> does this approach offer certain benefits?
>
> Cheers,
>
> Phil

Yes, it is a type of flash scope. The only difference is that it's not
dependent on a user's session.
https://issues.apache.org/jira/browse/WW-2635

Paul

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
View raw message