You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@myfaces.apache.org by Apache Wiki <wi...@apache.org> on 2006/04/02 21:16:38 UTC

[Myfaces Wiki] Update of "Secure Your Application" by Dennis Byrne

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Myfaces Wiki" for change notification.

The following page has been changed by Dennis Byrne:
http://wiki.apache.org/myfaces/Secure_Your_Application

------------------------------------------------------------------------------
  
  This feature was added after the MyFaces 1.1.1 release.  
  
- This feature should not be used if your MyFaces core libraries are in a global directory (outside your web application).
+ In the rare case of your JCA provider lacking a thread safe [http://java.sun.com/j2se/1.4.2/docs/api/javax/crypto/spec/SecretKeySpec.html javax.crypto.spec.SecretKeySpec], it is advised that you disable SecretKey caching by specifying the following context parameter in the deployment descriptor.
  
+ {{{
+     <context-param>
+         <param-name>org.apache.myfaces.secret.cache</param-name>
+         <param-value>false</param-value>
+     </context-param>
+ }}}
+