You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by Nikola Vulovic <ni...@gmail.com> on 2013/08/03 17:59:38 UTC
implementation of 'tapestry.hmac-passphrase
i get this error message in log and in AlertManager
(ClientDataEncoderImpl.java:61) - The symbol 'tapestry.hmac-passphrase' has
not been configured. This is used to configure hash-based message
authentication of Tapestry data stored in forms, or in the URL. You
application is less secure, and more vulnerable to denial-of-service
attacks, when this symbol is not configured.
I wish to implement tapestry.hmac-passphrase
Hope someone can tell me exactly what to do
--
Pozdrav Nikola Vulovic
Re: implementation of 'tapestry.hmac-passphrase
Posted by Chris Cureau <cm...@gmail.com>.
http://tapestry.apache.org/configuration.html#Configuration-tapestry.hmacpassphrase
Hint: Don't change it once its set.
On Aug 3, 2013 11:00 AM, "Nikola Vulovic" <ni...@gmail.com> wrote:
> i get this error message in log and in AlertManager
> (ClientDataEncoderImpl.java:61) - The symbol 'tapestry.hmac-passphrase' has
> not been configured. This is used to configure hash-based message
> authentication of Tapestry data stored in forms, or in the URL. You
> application is less secure, and more vulnerable to denial-of-service
> attacks, when this symbol is not configured.
>
> I wish to implement tapestry.hmac-passphrase
> Hope someone can tell me exactly what to do
>
> --
> Pozdrav Nikola Vulovic
>
Re: implementation of 'tapestry.hmac-passphrase
Posted by Lenny Primak <lp...@hope.nyc.ny.us>.
This is the simplest form:
configuration.add(SymbolConstants.HMAC_PASSPHRASE, "abcdef");
You can put in any kind of string, i.e. "application password"
that does not change frequently.
You can use random password generator to generate this string and just hardcode it.
On Aug 3, 2013, at 11:59 AM, Nikola Vulovic wrote:
> i get this error message in log and in AlertManager
> (ClientDataEncoderImpl.java:61) - The symbol 'tapestry.hmac-passphrase' has
> not been configured. This is used to configure hash-based message
> authentication of Tapestry data stored in forms, or in the URL. You
> application is less secure, and more vulnerable to denial-of-service
> attacks, when this symbol is not configured.
>
> I wish to implement tapestry.hmac-passphrase
> Hope someone can tell me exactly what to do
>
> --
> Pozdrav Nikola Vulovic
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org