Page Context & Security

spambob Apr 13, 2007 5:37 PM

Regarding page context the reference documentation says:

The state is actually serialized to the client, so this construct is extremely robust with respect to multi-window operation and the back button.

(at http://docs.jboss.com/seam/1.2.1.GA/reference/en/html/concepts.html#d0e2569)

How secure is this serialized state? Is it encrypted somehow - e.g. like the client side state saving - or can most information be retrieved by simply looking at the html source?

I'm asking because I have a page scoped component that has a few properties I don't won't / can't show to users. So is this secure enough or a big mistake?

1. Re: Page Context & Security

pmuir Apr 13, 2007 5:51 PM (in response to spambob)

The page context is serialised to the UIViewRoot, so is stored using whatever state saving (client or server) mechanism JSF uses.
Actions
2. Re: Page Context & Security

spambob Apr 13, 2007 5:58 PM (in response to spambob)

Thanks Peter!

Perhaps this could be clarified a bit more in the docs - or my english fooled me once again :D
Actions

Go to original post