Url segments in CryptoMapper may be larger than 260 chars => HTTP 400 - 'Bad 
request' when using IIS
----------------------------------------------------------------------------------------------------

                 Key: WICKET-4407
                 URL: https://issues.apache.org/jira/browse/WICKET-4407
             Project: Wicket
          Issue Type: Improvement
          Components: wicket
    Affects Versions: 1.5.4
         Environment: IIS
            Reporter: Jurriaan Pruys
            Priority: Minor


CryptoMapper encrypts the whole URL into a single segment. As a result, the 
encrypted URL segment can be very long (> 260 characters). The default maximum 
URL segment size for IIS is 260 characters (see 
http://support.microsoft.com/kb/820129). The warning note for changing this 
default is "Changing this registry key is considered extremely dangerous. This 
key causes Http.sys to use more memory and may increase vulnerability to 
malicious attacks." 

I've created my own CryptoMapper that puts the encrypted request in a request 
parameter. This works fine, but it would be nice to have this as a 
(configurable | default) behavior of CryptoMapper.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
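
The length problem described in the report, as an added example that is not part of the original message or of Wicket's code: it encrypts a constructed sample URL, encodes it URL-safe, and compares the longest path segment against the 260-character IIS default when the token is sent as a path segment and as a request parameter. Assumptions: AES-GCM stands in for the mapper's cipher, the parameter name `x` is hypothetical, and the sample URL is made up.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class SegmentLengthCheck {
    // Default IIS limit on a single URL path segment, as stated in the report.
    static final int IIS_MAX_SEGMENT = 260;

    // Stand-in for the mapper's encryption step (assumption: AES-GCM, not
    // Wicket's own cipher). Output is IV + ciphertext as unpadded URL-safe Base64.
    static String encryptUrlSafe(String plainUrl, SecretKey key) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plainUrl.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Length of the longest path segment of a relative URL; the query string
    // is not a path segment, so it is excluded from the check.
    static int longestSegment(String url) {
        int q = url.indexOf('?');
        String path = q < 0 ? url : url.substring(0, q);
        int max = 0;
        for (String seg : path.split("/")) max = Math.max(max, seg.length());
        return max;
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        // Constructed sample: a page URL with a component path and parameters.
        String plain = "wicket/bookmarkable/com.example.app.pages.orders.OrderDetailPage"
            + "?0-1.ILinkListener-form-table-rows-12-cells-3-link"
            + "&customer=00000000-0000-0000-0000-000000000000&tab=history&sort=date&page=7"
            + "&filter=status:open,region:emea";
        String token = encryptUrlSafe(plain, kg.generateKey());
        // First URL: whole request in one segment. Second: token as a parameter.
        for (String url : new String[] { "/" + token, "/?x=" + token }) {
            int len = longestSegment(url);
            System.out.println(url.substring(0, 6) + "... longest segment " + len
                + (len > IIS_MAX_SEGMENT ? " exceeds " : " is within ") + IIS_MAX_SEGMENT);
        }
    }
}
```

Base64 expands the ciphertext by about a third, so a plaintext URL well under 260 characters can still produce an encrypted segment over the limit.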

        
