[prev in list] [next in list] [prev in thread] [next in thread]
List: wsf-c-dev
Subject: [Dev] Passing verification keys as url parameters
From: Sameera Jayaratna <sameeraj () wso2 ! com>
Date: 2014-11-28 3:47:11
Message-ID: CAJ6t+U9kcWvmFgtQSA0dpGh94qoGdWTONg6TnOak3famtCeyGg () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hi,
I'm working on Password recovery for ES, following [1].
According to [1], in the sequence of calls to the
*UserInformationRecoveryService,
*the key generated in one call needs to be passed to the next call for
verification. These calls occur in different views, so we need to pass the
keys from one view to the next.
What is the best way to do this?
- passing as url parameters?
- storing them in the session?
Is there any security concerns related to either approach?
Or is there a better way to do this?
Any thoughts on this would be helpful.
Thank you,
Sameera
[1] https://docs.wso2.com/display/IS500/Recover+with+Secret+Questions
--
*Thanks & Regards,Sameera Jayaratna Software Engineer; **WSO2 Inc. *
*lean . enterprise . middleware | http://wso2.com <http://wso2.com> *
[Attachment #5 (text/html)]
<div dir="ltr">Hi,<div><br></div><div>I'm working on Password recovery for ES, \
following [1].</div><div><br></div><div>According to [1], in the sequence of calls to \
the <b>UserInformationRecoveryService, </b>the<b> </b>key generated in one call \
needs to be passed to the next call for verification. These calls occur in different \
views, so we need to pass the keys from one view to the next. \
</div><div><br></div><div>What is the best way to do this?</div><blockquote \
style="margin:0 0 0 40px;border:none;padding:0px"><ul><li>passing as url \
parameters?</li><li>storing them in the session?<br></li></ul></blockquote>Is there \
any security concerns related to either approach?<div>Or is there a better way to do \
this?</div><div><br><div>Any thoughts on this would be \
helpful.</div><div><br></div><div>Thank you,</div><div>Sameera<div><br></div><div>[1] \
<a href="https://docs.wso2.com/display/IS500/Recover+with+Secret+Questions">https://do \
cs.wso2.com/display/IS500/Recover+with+Secret+Questions</a><br><div><div><br></div>-- \
<br><div class="gmail_signature"><div dir="ltr"><font color="#888888"><span><font \
color="#888888"><font face="'times new roman', serif"><i>Thanks & \
Regards,<br><br><b>Sameera Jayaratna</b><br>
Software Engineer; </i></font><font face="'times new roman', serif"><i>WSO2 \
Inc. </i></font><div> <i style="font-family:'times new roman',serif">lean . \
enterprise . middleware | <a href="http://wso2.com" \
target="_blank">http://wso2.<span>com</span></a> \
<br></i></div></font></span></font></div></div> </div></div></div></div></div>
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic