This week's giveaway is in the Testing forum.
We're giving away four copies of TDD for a Shopping Website LiveProject and have Steven Solomon on-line!
See this thread for details.
Win a copy of TDD for a Shopping Website LiveProject this week in the Testing forum!

David Sawyer

Greenhorn
+ Follow
since May 19, 2010
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
0
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by David Sawyer

lol. yeah. it's tough. They argue that having these elements appear within the first X characters is important to some off-broadway non-Google search engines. They assume we're working w/ PHP or something and can't really appreciate the benefits of a component based paradigm.

Tim, do you happen to know where I could look in majarra to see how resources are introduced in the head. It seems like extension/decoration of this mechanism to change the position within the element shouldn't be terribly difficult.
11 years ago
JSF
The SEO guys reviewed the site and are insisting that the js and css resources included by Openfaces and Richfaces be moved below the title and meta elements.

Does anyone else have any insight on how this can be accomplished (outside of a filter which would be horribly inefficient)?
11 years ago
JSF
I work for a company that spends lots of money on SEO advice and those guys are very picky about the title element and supporting meta elements being the first children of <head>.

In 1.2 it was easy enough to control the position of items in the markup. I totally respect and enjoy the modular nature of JSF 2.0 and the ability of components to easily include their supporting resources, but it would be nice if you could specify the location within <h:head> for resources to be included.
11 years ago
JSF
Is there a way to control the location where resources are placed within <head></head> ?

I've noticed that most component libraries include css or js resources and that in the html output they appear at the very beginning of <head>. Ideally I would like them to appear at the very end right before </head> so that my title and meta elements are all above them. Any simple way to accomplish this?
11 years ago
JSF
Did anyone else have any security concerns with this final implementation or does this seem secure to everyone?
11 years ago

Rob Prime wrote:Can you watch it a bit next time? Thanks.

Definitely. Will do.
11 years ago
Nice. I like that much better. Here's the current setup:

Interface:


Impl:


Factory:


Script to generate keystore/key:


Unit Test:
11 years ago
James, thank you so much for the time. Here's what I've come up with:

First a script to generate the keystore/key:


Next the revised AESEncryptionException:


The AESEncryptionService Interface:


The AESEncryptionServiceImpl:


And Unit Test to make sure it all works:

11 years ago
I understand that from the perspective of not checking in the key etc. that a keystore is more secure, but is there a technical security issue with PBE?

11 years ago
Here's the updated version with the throws suggestion implemented and the character encoding fixed:

11 years ago
I'll definitely be moving the password to a keystore as we need different keys for each environment (dev, staging, production). This was more illustrative of what i was doing in one chunk of code. Mostly I wanted to confirm that there were no serious flaws in the encryption/decryption routine.

I will definitely take your advice and add throws rather than catching those exceptions.
11 years ago
I'm working on an AES Encryption service. I was wondering in you wouldn't mind taking a look at the design and look for any security holes:

11 years ago
Thanks very much for the reply.

I didn't explain myself very clearly. I was not referring to security concerns from a browser client => server perspective. What I am concerned about is PCI compliance which requires that no bank information is stored on the file system via the session. So a better way to phrase the question is:

1) If a jsf bean has a property "bankAccountNumber" and that bean is in request scope will the value bound to that property ever be stored on the file system via the session?

and

2) If a jsf bean has a property "bankAccountNumber" and that bean is in session scope will the value bound to that property ever be stored on the file system via the session?
11 years ago
JSF
I'm building an application that stores sensitive information (bank and other financial information). For security sake we are only keeping managed beans in request scope and sending and receiving data to=>from the database over an encrypted stream between each page of the application form. Is it safe to assume that no financial data will be saved to the session on the filesystem if the managed beans are all in request scope? If would like to feel confident that the only data outside of memory is in the database.

Thanks in advance for looking at this!
11 years ago
JSF