[
https://issues.apache.org/jira/browse/WICKET-4407?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jurriaan Pruys updated WICKET-4407:
-----------------------------------
Attachment: CryptoMapper.java
Based on the original CryptoMapper, but has an additional
preventExceedingIisUrlMaxSegmentLength option.
The mapper will maximize the segment size when
'preventExceedingIisUrlMaxSegmentLength' is enabled:
- Encrypted url <= max: same behavior as original CryptoMapper ==> encrypted url + hashed segments
- Encrypted url > max: encrypted url is put into multiple parts ==> segment count indicator with segment count + segments with encrypted url parts + hashed segments
> Url segments in CryptoMapper may be larger than 260 chars => HTTP 400 - 'Bad
> request' when using IIS
> ----------------------------------------------------------------------------------------------------
>
> Key: WICKET-4407
> URL: https://issues.apache.org/jira/browse/WICKET-4407
> Project: Wicket
> Issue Type: Improvement
> Components: wicket
> Affects Versions: 1.5.4
> Environment: IIS
> Reporter: Jurriaan Pruys
> Priority: Minor
> Attachments: CryptoMapper.java
>
>
> CryptoMapper encrypts the whole Url into a single segment. As a result the
> encrypted url segment can be very long (> 260 characters). The default
> maximum url segment size for IIS is 260 characters (see
> http://support.microsoft.com/kb/820129). The warning note for changing this
> default is "Changing this registry key is considered extremely dangerous.
> This key causes Http.sys to use more memory and may increase vulnerability to
> malicious attacks."
> I've created my own CryptoMapper that puts the encrypted request in a request
> parameter. This works fine, but it would be nice to have this as a
> (configurable | default) behavior of CryptoMapper.
--
This message is automatically generated by JIRA.
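
The splitting scheme described in the update above, as an added Java example. It is not the attached CryptoMapper.java and not Wicket code. The class name, the `~<count>` indicator format and the `MAX_PARTS` bound are assumptions, as is the premise that the encrypted url is URL-safe base64 text, so `~` never starts one. Because the indicator sits outside the ciphertext, the decode side validates it before use.

```java
import java.util.ArrayList;
import java.util.List;

public class SegmentedUrlDemo {
    static final int MAX_SEGMENT = 260;   // IIS default segment limit cited in the issue
    static final String MARK = "~";       // assumed indicator prefix, outside the base64url alphabet
    static final int MAX_PARTS = 32;      // assumed upper bound on accepted parts

    // Encode side: one segment when it fits, otherwise "~<count>" followed by the parts.
    static List<String> split(String encrypted) {
        if (encrypted.length() <= MAX_SEGMENT) return new ArrayList<>(List.of(encrypted));
        int count = (encrypted.length() + MAX_SEGMENT - 1) / MAX_SEGMENT;
        if (count > MAX_PARTS) throw new IllegalArgumentException("encrypted url too long");
        List<String> out = new ArrayList<>(List.of(MARK + count));
        for (int i = 0; i < encrypted.length(); i += MAX_SEGMENT)
            out.add(encrypted.substring(i, Math.min(encrypted.length(), i + MAX_SEGMENT)));
        return out;
    }

    // Decode side: returns the encrypted url, or null when the segments are malformed.
    // Trailing segments (the hashed ones) are left for the caller.
    static String join(List<String> segments) {
        if (segments.isEmpty()) return null;
        String first = segments.get(0);
        if (!first.startsWith(MARK)) return first.length() <= MAX_SEGMENT ? first : null;
        int count;
        try {
            count = Integer.parseInt(first.substring(MARK.length()));
        } catch (NumberFormatException e) {
            return null;
        }
        if (count < 2 || count > MAX_PARTS || segments.size() < 1 + count) return null;
        StringBuilder sb = new StringBuilder();
        for (String part : segments.subList(1, 1 + count)) {
            if (part.isEmpty() || part.length() > MAX_SEGMENT) return null;
            sb.append(part);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        String token = "A".repeat(700);   // constructed stand-in for an encrypted url
        List<String> segs = split(token);
        segs.add("hashed-segment");       // constructed trailing hashed segment
        System.out.println(segs.size() + " segments, round trip ok: " + token.equals(join(segs)));
        System.out.println("forged count rejected: " + (join(List.of("~9", "abc")) == null));
    }
}
```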