You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by Apache Wiki <wi...@apache.org> on 2006/04/02 21:16:38 UTC
[Myfaces Wiki] Update of "Secure Your Application" by Dennis Byrne
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Myfaces Wiki" for change notification.
The following page has been changed by Dennis Byrne:
http://wiki.apache.org/myfaces/Secure_Your_Application
------------------------------------------------------------------------------
This feature was added after the MyFaces 1.1.1 release.
- This feature should not be used if your MyFaces core libraries are in a global directory (outside your web application).
+ In the rare case of your JCA provider lacking a thread safe [http://java.sun.com/j2se/1.4.2/docs/api/javax/crypto/spec/SecretKeySpec.html javax.crypto.spec.SecretKeySpec], it is advised that you disable SecretKey caching by specifying the following context parameter in the deployment descriptor.
+ {{{
+ <context-param>
+ <param-name>org.apache.myfaces.secret.cache</param-name>
+ <param-value>false</param-value>
+ </context-param>
+ }}}
+