jsr372-experts@javaserverfaces-spec-public.java.net

[jsr372-experts] Re: Java Web Frameworks guide

From: Kito Mann <kito.mann_at_virtua.com>
Date: Thu, 26 Mar 2015 09:30:53 -0400

Thanks, Oleg.

On Thursday, March 26, 2015, Oleg Shelajev <oleg.shelajev_at_zeroturnaround.com>
wrote:

> Hey Kito,
>
> thanks for reaching out! This is indeed important. Unfortunately, we
> currently don't have the resources to rework that report.
>
> However, we don't want to misinform people, so this will at some point go
> into the todo list and when we have a look at older reports we will address
> this issue.
>
> Oleg
>
>
> On Fri, Mar 20, 2015 at 3:13 PM, Simon Maple
> <simon.maple_at_zeroturnaround.com> wrote:
>
>> Hey Kito,
>>
>> Thanks for the feedback - I'm copying Oleg who's the head of RebelLabs.
>>
>>
>> Thanks,
>>
>> Simon Maple | Developer Advocate
>> +44 7974 761027
>> @sjmaple <http://twitter.com/sjmaple> @virtualJUG
>> <http://twitter.com/virtualJUG>
>> simon-maple
>> linkedin.com/in/simonmaple
>>
>> On 20 March 2015 at 13:05, Kito Mann <kito.mann_at_virtua.com> wrote:
>>
>>> Hey Simon,
>>>
>>> I don't know if you're the right person, but I wanted to send you this
>>> comment about the web framework guide. Please forward it to the right
>>> person.
>>> ___
>>>
>>> Kito D. Mann | @kito99 | Author, JSF in Action
>>> Virtua, Inc. | http://www.virtua.com | JSF/Java EE training and
>>> consulting
>>> http://www.JSFCentral.com | @jsfcentral
>>> +1 203-998-0403
>>>
>>> * Listen to the Enterprise Java Newscast: http://enterprisejavanews.com
>>> * JSFCentral Interviews Podcast:
>>> http://www.jsfcentral.com/resources/jsfcentralpodcasts/
>>> * Sign up for the JSFCentral Newsletter:
>>> http://oi.vresp.com/?fid=ac048d0e17
>>>
>>> ---------- Forwarded message ----------
>>> From: arjan tijms <arjan.tijms_at_gmail.com>
>>> Date: Thu, Mar 19, 2015 at 11:06 AM
>>> Subject: [jsr372-experts mirror] [jsr372-experts] Re: Fwd: Java Web
>>> Frameworks guide
>>> To: "jsr372-experts_at_javaserverfaces-spec-public.java.net"
>>> <jsr372-experts_at_javaserverfaces-spec-public.java.net>
>>>
>>>
>>> Hi,
>>>
>>> On Thu, Mar 19, 2015 at 3:18 PM, Kito Mann <kito.mann_at_virtua.com> wrote:
>>>
>>>>
>>>> A new JRebel guide -- always an interesting read:
>>>> http://pages.zeroturnaround.com/JRNurture_08GuidetoJavaWebFrameworks-DemoCOnfirmation.html
>>>>
>>>
>>>
>>> While not entirely bad, I've found the report a bit lacking in some
>>> areas. It states for instance that for security JSF does not offer anything
>>> beyond the Java EE platform security.
>>>
>>> This is of course not true. JSF escapes all rendered user values by
>>> default, which by itself is a very valuable and safe default that guards
>>> against injection attacks. Then non-stateless views are by default
>>> protected against CSRF attacks, and there's an explicit CSRF protection
>>> mechanism.
>>>
>>> If I'm not mistaken the community has pointed this out in the comments
>>> of a previous report, so JRebel should be aware of this by now.
>>>
>>> Kind regards,
>>> Arjan Tijms
>>>
> --
>
>
> Oleg Šelajev
> @shelajev <https://twitter.com/shelajev>
>
>

-- 
___
Kito D. Mann | @kito99 | Author, JSF in Action
Virtua, Inc. | http://www.virtua.com | JSF/Java EE training and consulting
http://www.JSFCentral.com | @jsfcentral
+1 203-998-0403
* Listen to the Enterprise Java Newscast: http://enterprisejavanews.com
* JSFCentral Interviews Podcast:
http://www.jsfcentral.com/resources/jsfcentralpodcasts/
* Sign up for the JSFCentral Newsletter: http://oi.vresp.com/?fid=ac048d0e17
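
Arjan Tijms's forwarded message above names three JSF protections: default output escaping, protection of non-stateless views, and an explicit CSRF mechanism. The fragments below show where each appears in a JSF 2.2 application; they are an added illustration, not part of the thread. The bean `commentBean`, its properties and the view paths are hypothetical, and reading the "explicit" mechanism as the JSF 2.2 `protected-views` element is an assumption.

```xml
<!-- comments.xhtml: hypothetical Facelets view; commentBean is an assumed managed bean -->
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:h="http://xmlns.jcp.org/jsf/html">
<h:body>
    <!-- Escaped by default: a stored value such as <script>...</script> is
         rendered as &lt;script&gt;...&lt;/script&gt; and displayed as text. -->
    <h:outputText value="#{commentBean.text}" />

    <!-- EL placed directly in template text is escaped the same way. -->
    <p>#{commentBean.author}</p>

    <!-- Opt-out. Escaping is off only where a view says so explicitly, so
         searching the views for escape="false" lists the places to review. -->
    <h:outputText value="#{commentBean.sanitizedHtml}" escape="false" />

    <!-- h:form renders a hidden javax.faces.ViewState field. For a
         non-stateless view, a postback has to carry the value that was
         issued with the page. A view declared with
         <f:view transient="true"> is stateless and has no such value. -->
    <h:form>
        <h:inputTextarea value="#{commentBean.text}" />
        <h:commandButton value="Post" action="#{commentBean.save}" />
    </h:form>
</h:body>
</html>

<!-- faces-config.xml (JSF 2.2): explicit protection for the listed view.
     A request for a protected view must carry the token that JSF appends
     to the URLs it renders for that view. -->
<faces-config xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="2.2">
    <protected-views>
        <url-pattern>/account/transfer.xhtml</url-pattern>
    </protected-views>
</faces-config>
```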