know the session id could you make valid Ajax Requests?
Douglas
-----Original Message-----
From: Jeremy Thomerson [mailto:jer...@wickettraining.com]
Sent: Thursday, May 07, 2009 5:26 PM
To: users@wicket.apache.org
Subject: Re: Ajax Request Security
Ajax requests, like non-bookmarkable links
It just dawned on me that most users will protect their url parameters to make
sure that end users can't fiddle with parameters and see inappropriate data,
however, is it conceivable to issue ajax requests to get an app to do something
it shouldn't?
If so, any tips on how to build a request
Ajax requests, like non-bookmarkable links within Wicket, are
inherently secure through the fact that they are session-relative.
That is, unless you specifically try to make it less secure, it is
secure by default in that I can not just twiddle with an ID field in
the request URL to edit an entity