tapestry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Drobiazko <igor.drobia...@gmail.com>
Subject Re: Cross-site request forgery protection module
Date Wed, 10 Aug 2011 16:26:41 GMT
Marcus,

the first question to be clarified it whether your module should be included
into Tapestry at all. Don't get me wrong, but usually new stuff is included
into tapestry only if some of the committers feels responsible for that. The
code needs to be maintained by a committer. Even Howard was reluctant to
move great features from tapx to tapestry. I'd like to see your work as a
separate module which can be integrated into Tapestry later if it is used by
the community.

On Wed, Aug 10, 2011 at 4:11 PM, Markus Jung <markus.jung85@gmail.com>wrote:

> Hi,
>
> the CSRF protection module is now stable enough to relase version 1.0. It
> is
> available at the project home page
> http://code.google.com/p/gsoc2011-csrf-protection/ and contains all binary
> artifacts, a user guide and the API documentation. It is compatible to
> Tapestry 5.3.0, only the AjaxFormLoop component protection requires minor
> changes to Tapestry. These changes are provided as patch (updated patch
> available in JIRA). There are two demo applications (.war) that demonstrate
> the functionality. Uli is going to deploy them to
> tapestry.zones.apache.org.
>
> For the GSoC final evaluation I will submit the current version. However, I
> would like to move the complete module into the Tapestry project. Therefore
> I will create a patch including the protection module. Before I do this
> integration it would be great to get some feedback on the current solution.
> Finally the question is also if I should integrate the CSRF protection into
> the tapestry-core project or to have a separate submodule. I would prefer
> to
> have a separate submodule since the logic is currently clearly separated
> and
> I don't want to bloat the core package.
>
> BR
> Markus
>
> --
> View this message in context:
> http://tapestry.1045711.n5.nabble.com/Cross-site-request-forgery-protection-module-tp4685937p4685937.html
> Sent from the Tapestry - Dev mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: dev-help@tapestry.apache.org
>
>


-- 
Best regards,

Igor Drobiazko
http://tapestry5.de

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message