tapestry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Massimo Lusetti <mluse...@gmail.com>
Subject Re: HMAC signatures
Date Fri, 05 Oct 2012 12:33:52 GMT
On Fri, Oct 5, 2012 at 12:35 PM, Dmitry Gusev <dmitry.gusev@gmail.com> wrote:

> I know, but isn't other default (non-random) value would be a priori known?
> Random value isn't good for cluster deployments, as was already mentioned
> before.
> So by default the HMAC signature wouldn't be much secure (if key equals to
> default), but at least it will work in cluster the same way as assets do
> (using application version).
> If you want more secure signatures you may specify passphrase explicitly
> also.

My point is I don't see any difference between the "DEFAULT" default
value and the application version.


To unsubscribe, e-mail: dev-unsubscribe@tapestry.apache.org
For additional commands, e-mail: dev-help@tapestry.apache.org

View raw message