[ https://issues.apache.org/jira/browse/WICKET-4407?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martin Grigorov resolved WICKET-4407.
-------------------------------------

    Resolution: Won't Fix

I don't like the suggested fix. The same problem may happen with any other 
mapper too if you add too long a segment in the URL. For example, using 
BookmarkableMapper with a class whose name is more than 260 chars...
It is much better to set the registry entry to a bigger value or 0, as described 
at http://support.microsoft.com/kb/820129, and not care about such problems.
                
> Url segments in CryptoMapper may be larger than 260 chars => HTTP 400 - 'Bad 
> request' when using IIS
> ----------------------------------------------------------------------------------------------------
>
>                 Key: WICKET-4407
>                 URL: https://issues.apache.org/jira/browse/WICKET-4407
>             Project: Wicket
>          Issue Type: Improvement
>          Components: wicket
>    Affects Versions: 1.5.4
>         Environment: IIS
>            Reporter: Jurriaan Pruys
>            Priority: Minor
>         Attachments: CryptoMapper.java
>
>
> CryptoMapper encrypts the whole Url into a single segment. As a result the 
> encrypted url segment can be very long (> 260 characters). The default 
> maximum url segment size for IIS is 260 characters (see 
> http://support.microsoft.com/kb/820129). The warning note for changing this 
> default is "Changing this registry key is considered extremely dangerous. 
> This key causes Http.sys to use more memory and may increase vulnerability to 
> malicious attacks." 
> I've created my own CryptoMapper that puts the encrypted request in a request 
> parameter. This works fine, but it would be nice to have this as a 
> (configurable | default) behavior of CryptoMapper.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
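
The length problem described in the issue, as an added example that is not part of the original message or of Wicket's code: a whole URL is encrypted into one Base64 token and the longest path segment is compared with the 260-character IIS default. AES/CBC is a stand-in cipher, and the class name, the parameter name `x` and the sample URL are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class SegmentLengthCheck {
    // Default IIS limit per URL segment, as cited in the issue.
    static final int IIS_SEGMENT_LIMIT = 260;

    // Encrypts the whole URL and returns IV + ciphertext as one URL-safe token.
    // AES/CBC is an assumption for illustration, not the cipher Wicket uses.
    static String encryptToToken(String url, SecretKey key) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key); // provider generates a random IV
        byte[] iv = c.getIV();
        byte[] ct = c.doFinal(url.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Length of the longest path segment; the query string is not a segment.
    static int longestSegment(String url) {
        String path = url.split("\\?", 2)[0];
        int max = 0;
        for (String seg : path.split("/")) max = Math.max(max, seg.length());
        return max;
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        // Constructed sample URL (200 characters before encryption).
        String plain = "wicket/bookmarkable/com.example.shop.pages.checkout.OrderConfirmationPage"
            + "?orderId=1234567890&customer=alice%40example.org"
            + "&returnTo=%2Faccount%2Forders%2Fhistory&locale=en_US&campaign=spring-newsletter";
        String token = encryptToToken(plain, key);
        String[] forms = { "/" + token, "/?x=" + token }; // segment form, parameter form
        for (String url : forms) {
            int longest = longestSegment(url);
            System.out.printf("total=%d longestSegment=%d overLimit=%b%n",
                url.length(), longest, longest > IIS_SEGMENT_LIMIT);
        }
    }
}
```

The parameter form keeps every path segment short, but the query string is still subject to the server's other request-length limits.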

        
