You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@isis.apache.org by "Dan Haywood (JIRA)" <ji...@apache.org> on 2016/03/17 10:03:33 UTC

[jira] [Resolved] (ISIS-1048) Make view model URLs more secure, eg through a private key.

     [ https://issues.apache.org/jira/browse/ISIS-1048?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dan Haywood resolved ISIS-1048.
-------------------------------
    Resolution: Duplicate

This is supported via the pluggable UrlEncodingService, introduced in Isis 1.11.0

> Make view model URLs more secure, eg through a private key.
> -----------------------------------------------------------
>
>                 Key: ISIS-1048
>                 URL: https://issues.apache.org/jira/browse/ISIS-1048
>             Project: Isis
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: core-1.7.0
>            Reporter: Dan Haywood
>            Assignee: Dan Haywood
>            Priority: Minor
>             Fix For: 1.12.0
>
>
> At the moment it is possible to reverse engineer a view model URL, or perhaps to steal it.  
> It ought to be encrypted somehow, eg using HMAC.
> http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/AuthJavaSampleHMACSignature.html
> http://www.smartjava.org/content/protect-rest-service-using-hmac-play-20



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)