override t:formdata when validation has error

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

override t:formdata when validation has error

duymap
Hi expert,

I have a form with username and password, but when enter wrong password,
the validation will records the errors in screen, the all data of
t:formdata was sent back to server, I have used Live HTTP addon in FireFox
to investigate and can see the plaintext of password value I typed.

The reason I think when has error in validation , tapestry will send back
t:formdata in GET method and we can see it as plaintext, it may fall medium
security because hacker can guest the right password base on wrong value.
Is there any way to overrite value for t:formdata when has validation error
.

Any answers will be appreciated.

Thanks,
Duy.
Reply | Threaded
Open this post in threaded view
|

Re: override t:formdata when validation has error

Thiago H de Paula Figueiredo
On Sat, 14 Dec 2013 12:43:26 -0200, Chung Khanh Duy  
<[hidden email]> wrote:

> Hi,

Hi!

> I have a form with username and password, but when enter wrong password,
> the validation will records the errors in screen, the all data of
> t:formdata was sent back to server, I have used Live HTTP addon in  
> FireFox to investigate and can see the plaintext of password value I  
> typed.
>
> The reason I think when has error in validation , tapestry will send back
> t:formdata in GET method and we can see it as plaintext, it may fall  
> medium security because hacker can guest the right password base on  
> wrong value.

Please file a JIRA about it.

> Is there any way to overrite value for t:formdata when has validation  
> error

Nope, but you don't need that. Just set the password property to null in  
your onSuccess() method when the email/password combination fails.

--
Thiago H. de Paula Figueiredo
Tapestry, Java and Hibernate consultant and developer
http://machina.com.br

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: override t:formdata when validation has error

duymap
Hi Thiago,

But I have a question, if has error occur in validation, the onSuccess() is
not called, is that right ? If so , how can set password is null ? If I
miss somthing, please let me know.

Thanks,
Duy.


On Sun, Dec 15, 2013 at 7:54 PM, Thiago H de Paula Figueiredo <
[hidden email]> wrote:

> On Sat, 14 Dec 2013 12:43:26 -0200, Chung Khanh Duy <
> [hidden email]> wrote:
>
>  Hi,
>>
>
> Hi!
>
>
>  I have a form with username and password, but when enter wrong password,
>> the validation will records the errors in screen, the all data of
>> t:formdata was sent back to server, I have used Live HTTP addon in
>> FireFox to investigate and can see the plaintext of password value I typed.
>>
>> The reason I think when has error in validation , tapestry will send back
>> t:formdata in GET method and we can see it as plaintext, it may fall
>> medium security because hacker can guest the right password base on wrong
>> value.
>>
>
> Please file a JIRA about it.
>
>
>  Is there any way to overrite value for t:formdata when has validation
>> error
>>
>
> Nope, but you don't need that. Just set the password property to null in
> your onSuccess() method when the email/password combination fails.
>
> --
> Thiago H. de Paula Figueiredo
> Tapestry, Java and Hibernate consultant and developer
> http://machina.com.br
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>


--
Chung Khánh Duy
Project Support Manager
Formos
Reply | Threaded
Open this post in threaded view
|

Re: override t:formdata when validation has error

Thiago H de Paula Figueiredo
On Sun, 15 Dec 2013 11:01:35 -0200, Chung Khanh Duy  
<[hidden email]> wrote:

> Hi Thiago,

Hi!

> But I have a question, if has error occur in validation, the onSuccess()  
> is not called, is that right ? If so , how can set password is null ? If  
> I
> miss somthing, please let me know.

You're right, but there's the EventConstants.SUBMIT (onSubmit()) event  
which is triggered after all other form submission events, regardless of  
validation succeeding or not.

--
Thiago H. de Paula Figueiredo
Tapestry, Java and Hibernate consultant and developer
http://machina.com.br

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: override t:formdata when validation has error

duymap
Hi Thiago,

Thanks for your quick response. But in my application, we had:

onValidate...()

onSuccess()

You meant that I will replace onValidate() by onSummit() ? Or I can add one
more event onSubmiit() and if I can add onSubmit() event, what are orders
of these events calling ?

Thanks,
Duy.


On Sun, Dec 15, 2013 at 8:41 PM, Thiago H de Paula Figueiredo <
[hidden email]> wrote:

> On Sun, 15 Dec 2013 11:01:35 -0200, Chung Khanh Duy <
> [hidden email]> wrote:
>
>  Hi Thiago,
>>
>
> Hi!
>
>
>  But I have a question, if has error occur in validation, the onSuccess()
>> is not called, is that right ? If so , how can set password is null ? If I
>> miss somthing, please let me know.
>>
>
> You're right, but there's the EventConstants.SUBMIT (onSubmit()) event
> which is triggered after all other form submission events, regardless of
> validation succeeding or not.
>
>
> --
> Thiago H. de Paula Figueiredo
> Tapestry, Java and Hibernate consultant and developer
> http://machina.com.br
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>


--
Chung Khánh Duy
Project Support Manager
Formos
Reply | Threaded
Open this post in threaded view
|

Re: override t:formdata when validation has error

Dimitris Zenios
onValidate -> onSubmit -> Onsuccess ( Only if validate does not have errors
)


On Sun, Dec 15, 2013 at 3:49 PM, Chung Khanh Duy <
[hidden email]> wrote:

> Hi Thiago,
>
> Thanks for your quick response. But in my application, we had:
>
> onValidate...()
>
> onSuccess()
>
> You meant that I will replace onValidate() by onSummit() ? Or I can add one
> more event onSubmiit() and if I can add onSubmit() event, what are orders
> of these events calling ?
>
> Thanks,
> Duy.
>
>
> On Sun, Dec 15, 2013 at 8:41 PM, Thiago H de Paula Figueiredo <
> [hidden email]> wrote:
>
> > On Sun, 15 Dec 2013 11:01:35 -0200, Chung Khanh Duy <
> > [hidden email]> wrote:
> >
> >  Hi Thiago,
> >>
> >
> > Hi!
> >
> >
> >  But I have a question, if has error occur in validation, the onSuccess()
> >> is not called, is that right ? If so , how can set password is null ?
> If I
> >> miss somthing, please let me know.
> >>
> >
> > You're right, but there's the EventConstants.SUBMIT (onSubmit()) event
> > which is triggered after all other form submission events, regardless of
> > validation succeeding or not.
> >
> >
> > --
> > Thiago H. de Paula Figueiredo
> > Tapestry, Java and Hibernate consultant and developer
> > http://machina.com.br
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [hidden email]
> > For additional commands, e-mail: [hidden email]
> >
> >
>
>
> --
> Chung Khánh Duy
> Project Support Manager
> Formos
>
Reply | Threaded
Open this post in threaded view
|

Re: override t:formdata when validation has error

chris@opencsta.org
Form events (in order) table on this page shows the event ordering on form
submissions.

http://tapestry.apache.org/forms-and-validation.html

looks like validate -> success -> submit


On Mon, Dec 16, 2013 at 3:24 AM, Dimitris Zenios
<[hidden email]>wrote:

> onValidate -> onSubmit -> Onsuccess ( Only if validate does not have errors
> )
>
>
> On Sun, Dec 15, 2013 at 3:49 PM, Chung Khanh Duy <
> [hidden email]> wrote:
>
> > Hi Thiago,
> >
> > Thanks for your quick response. But in my application, we had:
> >
> > onValidate...()
> >
> > onSuccess()
> >
> > You meant that I will replace onValidate() by onSummit() ? Or I can add
> one
> > more event onSubmiit() and if I can add onSubmit() event, what are orders
> > of these events calling ?
> >
> > Thanks,
> > Duy.
> >
> >
> > On Sun, Dec 15, 2013 at 8:41 PM, Thiago H de Paula Figueiredo <
> > [hidden email]> wrote:
> >
> > > On Sun, 15 Dec 2013 11:01:35 -0200, Chung Khanh Duy <
> > > [hidden email]> wrote:
> > >
> > >  Hi Thiago,
> > >>
> > >
> > > Hi!
> > >
> > >
> > >  But I have a question, if has error occur in validation, the
> onSuccess()
> > >> is not called, is that right ? If so , how can set password is null ?
> > If I
> > >> miss somthing, please let me know.
> > >>
> > >
> > > You're right, but there's the EventConstants.SUBMIT (onSubmit()) event
> > > which is triggered after all other form submission events, regardless
> of
> > > validation succeeding or not.
> > >
> > >
> > > --
> > > Thiago H. de Paula Figueiredo
> > > Tapestry, Java and Hibernate consultant and developer
> > > http://machina.com.br
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [hidden email]
> > > For additional commands, e-mail: [hidden email]
> > >
> > >
> >
> >
> > --
> > Chung Khánh Duy
> > Project Support Manager
> > Formos
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: override t:formdata when validation has error

Dimitris Zenios
Sorry my mistake.In the end though Submit will be called on success or on
failure


On Mon, Dec 16, 2013 at 3:30 AM, Chris Mylonas <[hidden email]> wrote:

> Form events (in order) table on this page shows the event ordering on form
> submissions.
>
> http://tapestry.apache.org/forms-and-validation.html
>
> looks like validate -> success -> submit
>
>
> On Mon, Dec 16, 2013 at 3:24 AM, Dimitris Zenios
> <[hidden email]>wrote:
>
> > onValidate -> onSubmit -> Onsuccess ( Only if validate does not have
> errors
> > )
> >
> >
> > On Sun, Dec 15, 2013 at 3:49 PM, Chung Khanh Duy <
> > [hidden email]> wrote:
> >
> > > Hi Thiago,
> > >
> > > Thanks for your quick response. But in my application, we had:
> > >
> > > onValidate...()
> > >
> > > onSuccess()
> > >
> > > You meant that I will replace onValidate() by onSummit() ? Or I can add
> > one
> > > more event onSubmiit() and if I can add onSubmit() event, what are
> orders
> > > of these events calling ?
> > >
> > > Thanks,
> > > Duy.
> > >
> > >
> > > On Sun, Dec 15, 2013 at 8:41 PM, Thiago H de Paula Figueiredo <
> > > [hidden email]> wrote:
> > >
> > > > On Sun, 15 Dec 2013 11:01:35 -0200, Chung Khanh Duy <
> > > > [hidden email]> wrote:
> > > >
> > > >  Hi Thiago,
> > > >>
> > > >
> > > > Hi!
> > > >
> > > >
> > > >  But I have a question, if has error occur in validation, the
> > onSuccess()
> > > >> is not called, is that right ? If so , how can set password is null
> ?
> > > If I
> > > >> miss somthing, please let me know.
> > > >>
> > > >
> > > > You're right, but there's the EventConstants.SUBMIT (onSubmit())
> event
> > > > which is triggered after all other form submission events, regardless
> > of
> > > > validation succeeding or not.
> > > >
> > > >
> > > > --
> > > > Thiago H. de Paula Figueiredo
> > > > Tapestry, Java and Hibernate consultant and developer
> > > > http://machina.com.br
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [hidden email]
> > > > For additional commands, e-mail: [hidden email]
> > > >
> > > >
> > >
> > >
> > > --
> > > Chung Khánh Duy
> > > Project Support Manager
> > > Formos
> > >
> >
>