You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by Christophe Cordenier <ch...@gmail.com> on 2010/03/24 18:06:22 UTC
Decorate parameter
Hi
I am currently trying to decorate the encoder parameter of Select component
(at least every component that has an encoder parameter) to apply an
indirection on client Value (see owasp rule A4)
I have tried to use InternalComponentResources of the container to write a
new value via the Binding, or the ParameterAccess, but no way...
It depends on the case but can fail with NullPointerException or because
default binding is invariant...
Any hints ?
--
Regards,
Christophe Cordenier.
Developer of wooki @wookicentral.com
Re: Decorate parameter
Posted by Christophe Cordenier <ch...@gmail.com>.
Actually i do it at the very end of chain and manipulate only string.
The work is done at link encoding and decoding.
Le 26 mars 2010 à 22:16, Josh Canfield <jo...@gmail.com> a
écrit :
> :) Thanks. I understood that it could be done but I'm curious how you
> use it for an event link?
>
> Do you contribute to ValueEncoderSource an encoder for Long.class and
> just obfuscate all Longs?
>
> Josh
>
> On Fri, Mar 26, 2010 at 1:57 PM, Christophe Cordenier
> <ch...@gmail.com> wrote:
>> Hi
>> I have used value encoder for select component and component event
>> link
>> encoder/decoder service for context (action and event)
>>
>> Best regards
>> Le 26 mars 2010 à 21:44, Josh Canfield <jo...@gmail.com> a
>> écrit :
>>
>>>> Or implementing the obfuscation logic inside the ValueEncoder? This
>>>> interface is exactly where Tapestry expect you to any conversion
>>>> between
>>>> object and string representation of it used inside an URL or HTML
>>>> page.
>>>
>>> Hmm... how do you provide a ValueEncoder in an event or page link?
>>>
>>>
>>> On Fri, Mar 26, 2010 at 10:58 AM, Thiago H. de Paula Figueiredo
>>> <th...@gmail.com> wrote:
>>>>
>>>> On Fri, 26 Mar 2010 14:38:38 -0300, Josh Canfield
>>>> <jo...@gmail.com>
>>>> wrote:
>>>>
>>>>>> I am currently trying to decorate the encoder parameter of Select
>>>>>> component
>>>>>> (at least every component that has an encoder parameter) to
>>>>>> apply an
>>>>>> indirection on client Value (see owasp rule A4)
>>>>>
>>>>> This seems like a wide net... Have you considered using a
>>>>> different
>>>>> type for the ids that you want obfuscated?
>>>>
>>>> Or implementing the obfuscation logic inside the ValueEncoder? This
>>>> interface is exactly where Tapestry expect you to any conversion
>>>> between
>>>> object and string representation of it used inside an URL or HTML
>>>> page.
>>>> That's the simplest and more reusable solution I can think.
>>>> Another one
>>>> would be the decoration of ValueEncoderSource.
>>>>
>>>> --
>>>> Thiago H. de Paula Figueiredo
>>>> Independent Java, Apache Tapestry 5 and Hibernate consultant,
>>>> developer,
>>>> and
>>>> instructor
>>>> Owner, software architect and developer, Ars Machina Tecnologia da
>>>> Informação Ltda.
>>>> http://www.arsmachina.com.br
>>>>
>>>> ---
>>>> ------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> --
>>> http://www.bodylabgym.com - a private, by appointment only, one-on-
>>> one
>>> health and fitness facility.
>>> --
>>> http://www.ectransition.com - Quality Electronic Cigarettes at a
>>> reasonable price!
>>> --
>>> TheDailyTube.com. Sign up and get the best new videos on the
>>> internet
>>> delivered fresh to your inbox.
>>>
>>> ---
>>> ------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>>
>
>
>
> --
> --
> http://www.bodylabgym.com - a private, by appointment only, one-on-one
> health and fitness facility.
> --
> http://www.ectransition.com - Quality Electronic Cigarettes at a
> reasonable price!
> --
> TheDailyTube.com. Sign up and get the best new videos on the internet
> delivered fresh to your inbox.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Decorate parameter
Posted by Christophe Cordenier <ch...@gmail.com>.
Actually your remarks makes me wondering if it's really a good solution to
'encode' all the activation parameters, i should focus on a list of type.
Have to think on how to achieve this...
Thanks for discussion.
Christophe Cordenier.
2010/3/26 Josh Canfield <jo...@gmail.com>
> :) Thanks. I understood that it could be done but I'm curious how you
> use it for an event link?
>
> Do you contribute to ValueEncoderSource an encoder for Long.class and
> just obfuscate all Longs?
>
> Josh
>
> On Fri, Mar 26, 2010 at 1:57 PM, Christophe Cordenier
> <ch...@gmail.com> wrote:
> > Hi
> > I have used value encoder for select component and component event link
> > encoder/decoder service for context (action and event)
> >
> > Best regards
> > Le 26 mars 2010 à 21:44, Josh Canfield <jo...@gmail.com> a écrit
> :
> >
> >>> Or implementing the obfuscation logic inside the ValueEncoder? This
> >>> interface is exactly where Tapestry expect you to any conversion
> between
> >>> object and string representation of it used inside an URL or HTML page.
> >>
> >> Hmm... how do you provide a ValueEncoder in an event or page link?
> >>
> >>
> >> On Fri, Mar 26, 2010 at 10:58 AM, Thiago H. de Paula Figueiredo
> >> <th...@gmail.com> wrote:
> >>>
> >>> On Fri, 26 Mar 2010 14:38:38 -0300, Josh Canfield
> >>> <jo...@gmail.com>
> >>> wrote:
> >>>
> >>>>> I am currently trying to decorate the encoder parameter of Select
> >>>>> component
> >>>>> (at least every component that has an encoder parameter) to apply an
> >>>>> indirection on client Value (see owasp rule A4)
> >>>>
> >>>> This seems like a wide net... Have you considered using a different
> >>>> type for the ids that you want obfuscated?
> >>>
> >>> Or implementing the obfuscation logic inside the ValueEncoder? This
> >>> interface is exactly where Tapestry expect you to any conversion
> between
> >>> object and string representation of it used inside an URL or HTML page.
> >>> That's the simplest and more reusable solution I can think. Another one
> >>> would be the decoration of ValueEncoderSource.
> >>>
> >>> --
> >>> Thiago H. de Paula Figueiredo
> >>> Independent Java, Apache Tapestry 5 and Hibernate consultant,
> developer,
> >>> and
> >>> instructor
> >>> Owner, software architect and developer, Ars Machina Tecnologia da
> >>> Informação Ltda.
> >>> http://www.arsmachina.com.br
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> >>> For additional commands, e-mail: users-help@tapestry.apache.org
> >>>
> >>>
> >>
> >>
> >>
> >> --
> >> --
> >> http://www.bodylabgym.com - a private, by appointment only, one-on-one
> >> health and fitness facility.
> >> --
> >> http://www.ectransition.com - Quality Electronic Cigarettes at a
> >> reasonable price!
> >> --
> >> TheDailyTube.com. Sign up and get the best new videos on the internet
> >> delivered fresh to your inbox.
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> >> For additional commands, e-mail: users-help@tapestry.apache.org
> >>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> > For additional commands, e-mail: users-help@tapestry.apache.org
> >
> >
>
>
>
> --
> --
> http://www.bodylabgym.com - a private, by appointment only, one-on-one
> health and fitness facility.
> --
> http://www.ectransition.com - Quality Electronic Cigarettes at a
> reasonable price!
> --
> TheDailyTube.com. Sign up and get the best new videos on the internet
> delivered fresh to your inbox.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
--
Regards,
Christophe Cordenier.
Developer of wooki @wookicentral.com
Re: Decorate parameter
Posted by Josh Canfield <jo...@gmail.com>.
:) Thanks. I understood that it could be done but I'm curious how you
use it for an event link?
Do you contribute to ValueEncoderSource an encoder for Long.class and
just obfuscate all Longs?
Josh
On Fri, Mar 26, 2010 at 1:57 PM, Christophe Cordenier
<ch...@gmail.com> wrote:
> Hi
> I have used value encoder for select component and component event link
> encoder/decoder service for context (action and event)
>
> Best regards
> Le 26 mars 2010 à 21:44, Josh Canfield <jo...@gmail.com> a écrit :
>
>>> Or implementing the obfuscation logic inside the ValueEncoder? This
>>> interface is exactly where Tapestry expect you to any conversion between
>>> object and string representation of it used inside an URL or HTML page.
>>
>> Hmm... how do you provide a ValueEncoder in an event or page link?
>>
>>
>> On Fri, Mar 26, 2010 at 10:58 AM, Thiago H. de Paula Figueiredo
>> <th...@gmail.com> wrote:
>>>
>>> On Fri, 26 Mar 2010 14:38:38 -0300, Josh Canfield
>>> <jo...@gmail.com>
>>> wrote:
>>>
>>>>> I am currently trying to decorate the encoder parameter of Select
>>>>> component
>>>>> (at least every component that has an encoder parameter) to apply an
>>>>> indirection on client Value (see owasp rule A4)
>>>>
>>>> This seems like a wide net... Have you considered using a different
>>>> type for the ids that you want obfuscated?
>>>
>>> Or implementing the obfuscation logic inside the ValueEncoder? This
>>> interface is exactly where Tapestry expect you to any conversion between
>>> object and string representation of it used inside an URL or HTML page.
>>> That's the simplest and more reusable solution I can think. Another one
>>> would be the decoration of ValueEncoderSource.
>>>
>>> --
>>> Thiago H. de Paula Figueiredo
>>> Independent Java, Apache Tapestry 5 and Hibernate consultant, developer,
>>> and
>>> instructor
>>> Owner, software architect and developer, Ars Machina Tecnologia da
>>> Informação Ltda.
>>> http://www.arsmachina.com.br
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>
>>>
>>
>>
>>
>> --
>> --
>> http://www.bodylabgym.com - a private, by appointment only, one-on-one
>> health and fitness facility.
>> --
>> http://www.ectransition.com - Quality Electronic Cigarettes at a
>> reasonable price!
>> --
>> TheDailyTube.com. Sign up and get the best new videos on the internet
>> delivered fresh to your inbox.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
--
--
http://www.bodylabgym.com - a private, by appointment only, one-on-one
health and fitness facility.
--
http://www.ectransition.com - Quality Electronic Cigarettes at a
reasonable price!
--
TheDailyTube.com. Sign up and get the best new videos on the internet
delivered fresh to your inbox.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Decorate parameter
Posted by Christophe Cordenier <ch...@gmail.com>.
Hi
I have used value encoder for select component and component event
link encoder/decoder service for context (action and event)
Best regards
Le 26 mars 2010 à 21:44, Josh Canfield <jo...@gmail.com> a
écrit :
>> Or implementing the obfuscation logic inside the ValueEncoder? This
>> interface is exactly where Tapestry expect you to any conversion
>> between
>> object and string representation of it used inside an URL or HTML
>> page.
>
> Hmm... how do you provide a ValueEncoder in an event or page link?
>
>
> On Fri, Mar 26, 2010 at 10:58 AM, Thiago H. de Paula Figueiredo
> <th...@gmail.com> wrote:
>> On Fri, 26 Mar 2010 14:38:38 -0300, Josh Canfield <joshcanfield@gmail.com
>> >
>> wrote:
>>
>>>> I am currently trying to decorate the encoder parameter of Select
>>>> component
>>>> (at least every component that has an encoder parameter) to apply
>>>> an
>>>> indirection on client Value (see owasp rule A4)
>>>
>>> This seems like a wide net... Have you considered using a different
>>> type for the ids that you want obfuscated?
>>
>> Or implementing the obfuscation logic inside the ValueEncoder? This
>> interface is exactly where Tapestry expect you to any conversion
>> between
>> object and string representation of it used inside an URL or HTML
>> page.
>> That's the simplest and more reusable solution I can think. Another
>> one
>> would be the decoration of ValueEncoderSource.
>>
>> --
>> Thiago H. de Paula Figueiredo
>> Independent Java, Apache Tapestry 5 and Hibernate consultant,
>> developer, and
>> instructor
>> Owner, software architect and developer, Ars Machina Tecnologia da
>> Informação Ltda.
>> http://www.arsmachina.com.br
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>>
>
>
>
> --
> --
> http://www.bodylabgym.com - a private, by appointment only, one-on-one
> health and fitness facility.
> --
> http://www.ectransition.com - Quality Electronic Cigarettes at a
> reasonable price!
> --
> TheDailyTube.com. Sign up and get the best new videos on the internet
> delivered fresh to your inbox.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Decorate parameter
Posted by Josh Canfield <jo...@gmail.com>.
> Or implementing the obfuscation logic inside the ValueEncoder? This
> interface is exactly where Tapestry expect you to any conversion between
> object and string representation of it used inside an URL or HTML page.
Hmm... how do you provide a ValueEncoder in an event or page link?
On Fri, Mar 26, 2010 at 10:58 AM, Thiago H. de Paula Figueiredo
<th...@gmail.com> wrote:
> On Fri, 26 Mar 2010 14:38:38 -0300, Josh Canfield <jo...@gmail.com>
> wrote:
>
>>> I am currently trying to decorate the encoder parameter of Select
>>> component
>>> (at least every component that has an encoder parameter) to apply an
>>> indirection on client Value (see owasp rule A4)
>>
>> This seems like a wide net... Have you considered using a different
>> type for the ids that you want obfuscated?
>
> Or implementing the obfuscation logic inside the ValueEncoder? This
> interface is exactly where Tapestry expect you to any conversion between
> object and string representation of it used inside an URL or HTML page.
> That's the simplest and more reusable solution I can think. Another one
> would be the decoration of ValueEncoderSource.
>
> --
> Thiago H. de Paula Figueiredo
> Independent Java, Apache Tapestry 5 and Hibernate consultant, developer, and
> instructor
> Owner, software architect and developer, Ars Machina Tecnologia da
> Informação Ltda.
> http://www.arsmachina.com.br
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
--
--
http://www.bodylabgym.com - a private, by appointment only, one-on-one
health and fitness facility.
--
http://www.ectransition.com - Quality Electronic Cigarettes at a
reasonable price!
--
TheDailyTube.com. Sign up and get the best new videos on the internet
delivered fresh to your inbox.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Decorate parameter
Posted by Christophe Cordenier <ch...@gmail.com>.
Hi
2010/3/26 Thiago H. de Paula Figueiredo <th...@gmail.com>
> On Fri, 26 Mar 2010 14:38:38 -0300, Josh Canfield <jo...@gmail.com>
> wrote:
>
> I am currently trying to decorate the encoder parameter of Select
>>> component
>>> (at least every component that has an encoder parameter) to apply an
>>> indirection on client Value (see owasp rule A4)
>>>
>>
>> This seems like a wide net... Have you considered using a different
>> type for the ids that you want obfuscated?
>>
>
> Or implementing the obfuscation logic inside the ValueEncoder? This
> interface is exactly where Tapestry expect you to any conversion between
> object and string representation of it used inside an URL or HTML page.
> That's the simplest and more reusable solution I can think. Another one
> would be the decoration of ValueEncoderSource.
>
This is exactly what i did. The thing is that i wanted to make this totally
transparent to the user through a mixin and also allow to apply this
obfuscation on demand only not to be too intrusive. By the way valueEncoder
works like a charm.
> --
> Thiago H. de Paula Figueiredo
> Independent Java, Apache Tapestry 5 and Hibernate consultant, developer,
> and instructor
> Owner, software architect and developer, Ars Machina Tecnologia da
> Informação Ltda.
> http://www.arsmachina.com.br
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
--
Regards,
Christophe Cordenier.
Developer of wooki @wookicentral.com
Re: Decorate parameter
Posted by "Thiago H. de Paula Figueiredo" <th...@gmail.com>.
On Fri, 26 Mar 2010 14:38:38 -0300, Josh Canfield <jo...@gmail.com>
wrote:
>> I am currently trying to decorate the encoder parameter of Select
>> component
>> (at least every component that has an encoder parameter) to apply an
>> indirection on client Value (see owasp rule A4)
>
> This seems like a wide net... Have you considered using a different
> type for the ids that you want obfuscated?
Or implementing the obfuscation logic inside the ValueEncoder? This
interface is exactly where Tapestry expect you to any conversion between
object and string representation of it used inside an URL or HTML page.
That's the simplest and more reusable solution I can think. Another one
would be the decoration of ValueEncoderSource.
--
Thiago H. de Paula Figueiredo
Independent Java, Apache Tapestry 5 and Hibernate consultant, developer,
and instructor
Owner, software architect and developer, Ars Machina Tecnologia da
Informação Ltda.
http://www.arsmachina.com.br
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Decorate parameter
Posted by Christophe Cordenier <ch...@gmail.com>.
Hi Josh,
Thanks you for suggestions.
Best Regards,
Christophe.
2010/3/26 Josh Canfield <jo...@gmail.com>
> > I am currently trying to decorate the encoder parameter of Select
> component
> > (at least every component that has an encoder parameter) to apply an
> > indirection on client Value (see owasp rule A4)
>
> This seems like a wide net... Have you considered using a different
> type for the ids that you want obfuscated? For a project where I
> didn't need clients guessing at db ids I built an ObscureId object
> with accompanying TypeCoercer, Translator and Binding. It also makes
> your intentions obvious for someone coming in later to work on the
> project.
>
> void onActivate(final ObscureId id) {}
>
> ObscureId onPassivate() {return ObscureId.valueOf(something.id)}
>
> <t:pagelink page="something/edit" context="obscureId:something.id"/>
>
> I can share the code for what I have if you're interested. I'm not too
> proud of my hacky obfuscation technique, but not too ashamed to share.
>
> Josh
>
> On Wed, Mar 24, 2010 at 10:06 AM, Christophe Cordenier
> <ch...@gmail.com> wrote:
> > Hi
> >
> > I am currently trying to decorate the encoder parameter of Select
> component
> > (at least every component that has an encoder parameter) to apply an
> > indirection on client Value (see owasp rule A4)
> >
> > I have tried to use InternalComponentResources of the container to write
> a
> > new value via the Binding, or the ParameterAccess, but no way...
> > It depends on the case but can fail with NullPointerException or because
> > default binding is invariant...
> >
> > Any hints ?
> >
> > --
> > Regards,
> > Christophe Cordenier.
> >
> > Developer of wooki @wookicentral.com
> >
>
>
>
> --
> --
> http://www.bodylabgym.com - a private, by appointment only, one-on-one
> health and fitness facility.
> --
> http://www.ectransition.com - Quality Electronic Cigarettes at a
> reasonable price!
> --
> TheDailyTube.com. Sign up and get the best new videos on the internet
> delivered fresh to your inbox.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
--
Regards,
Christophe Cordenier.
Developer of wooki @wookicentral.com
Re: Decorate parameter
Posted by Josh Canfield <jo...@gmail.com>.
> I am currently trying to decorate the encoder parameter of Select component
> (at least every component that has an encoder parameter) to apply an
> indirection on client Value (see owasp rule A4)
This seems like a wide net... Have you considered using a different
type for the ids that you want obfuscated? For a project where I
didn't need clients guessing at db ids I built an ObscureId object
with accompanying TypeCoercer, Translator and Binding. It also makes
your intentions obvious for someone coming in later to work on the
project.
void onActivate(final ObscureId id) {}
ObscureId onPassivate() {return ObscureId.valueOf(something.id)}
<t:pagelink page="something/edit" context="obscureId:something.id"/>
I can share the code for what I have if you're interested. I'm not too
proud of my hacky obfuscation technique, but not too ashamed to share.
Josh
On Wed, Mar 24, 2010 at 10:06 AM, Christophe Cordenier
<ch...@gmail.com> wrote:
> Hi
>
> I am currently trying to decorate the encoder parameter of Select component
> (at least every component that has an encoder parameter) to apply an
> indirection on client Value (see owasp rule A4)
>
> I have tried to use InternalComponentResources of the container to write a
> new value via the Binding, or the ParameterAccess, but no way...
> It depends on the case but can fail with NullPointerException or because
> default binding is invariant...
>
> Any hints ?
>
> --
> Regards,
> Christophe Cordenier.
>
> Developer of wooki @wookicentral.com
>
--
--
http://www.bodylabgym.com - a private, by appointment only, one-on-one
health and fitness facility.
--
http://www.ectransition.com - Quality Electronic Cigarettes at a
reasonable price!
--
TheDailyTube.com. Sign up and get the best new videos on the internet
delivered fresh to your inbox.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Decorate parameter
Posted by Christophe Cordenier <ch...@gmail.com>.
Hi
I just discovered the @BindParameter annotation and new ParameterConduit
API, sadly this is only available in 5.2.
Regards,
Christophe Cordenier.
2010/3/24 Christophe Cordenier <ch...@gmail.com>
> Hi
>
> I am currently trying to decorate the encoder parameter of Select component
> (at least every component that has an encoder parameter) to apply an
> indirection on client Value (see owasp rule A4)
>
> I have tried to use InternalComponentResources of the container to write a
> new value via the Binding, or the ParameterAccess, but no way...
> It depends on the case but can fail with NullPointerException or because
> default binding is invariant...
>
> Any hints ?
>
> --
> Regards,
> Christophe Cordenier.
>
> Developer of wooki @wookicentral.com
>
--
Regards,
Christophe Cordenier.
Developer of wooki @wookicentral.com