[ http://issues.apache.org/jira/browse/TAPESTRY-843?page=comments#action_12363592 ]
Brian K. Wallace commented on TAPESTRY-843: ------------------------------------------- There are many ways to work around this issue - the issue isn't that it's impossible to fix, just that the current documentation implies that the friendly URL contribution is the answer to security while it is not. (hence the patch is to documentation, not code) > Friendly URL documentation concerning security and ugly URLs > ------------------------------------------------------------ > > Key: TAPESTRY-843 > URL: http://issues.apache.org/jira/browse/TAPESTRY-843 > Project: Tapestry > Type: Bug > Components: Documentation > Versions: 4.0 > Environment: All > Reporter: Brian K. Wallace > Attachments: Patch for Friendly URL security concern.patch > > The friendly URL documentation implies that enabling of friendly URLs is a > way to enable security for Tapestry generated URLs. While this part of the > documentation is correct, it implies that the 'ugly' URLs are no longer > accessible - thereby enabling security for Tapestry sites. This is not > correct and should be documented (at the very least). > Ideally, there should be a method in the framework itself that would disable > access to the original URLs if the friently URL contribution is made. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
