[
https://issues.apache.org/jira/browse/WICKET-4407?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13207694#comment-13207694
]
Jurriaan Pruys commented on WICKET-4407:
----------------------------------------
Found an issue with my implementation (doesn't work with images references in a
CSS). Start to work on an example which creates smaller segments.
> Url segments in CryptoMapper may be larger than 260 chars => HTTP 400 - 'Bad
> request' when using IIS
> ----------------------------------------------------------------------------------------------------
>
> Key: WICKET-4407
> URL: https://issues.apache.org/jira/browse/WICKET-4407
> Project: Wicket
> Issue Type: Improvement
> Components: wicket
> Affects Versions: 1.5.4
> Environment: IIS
> Reporter: Jurriaan Pruys
> Priority: Minor
>
> CryptoMapper encrypts the whole Url into a single segment. As a result the
> encrypted url segment can be very long (> 260 characters). The default
> maximum url segment size for IIS is 260 characters (see
> http://support.microsoft.com/kb/820129). The warning note for changing this
> default is "Changing this registry key is considered extremely dangerous.
> This key causes Http.sys to use more memory and may increase vulnerability to
> malicious attacks."
> I've created my own CryptoMapper that puts the encrypted request in a request
> parameter. This works fine, but it would be nice to have this as a
> (configurable | default) behavior of CryptoMapper.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
