Yes. We are pretty much the ideal framework for E*Trade (I mean if they aren't going out of business).
igor.vaynberg wrote:
>
> On Jan 14, 2008 2:11 PM, C. Bergström <[EMAIL PROTECTED]> wrote:
>> "INTEGRITY: HDIV guarantees integrity (no data modification) of
>> all the data generated by the server which should not be modified by the
>> client (links, hidden fields, combo values, radio buttons, destiny pages,
>> etc.)."
>
> not really sure what this means. how does the user modify a link or a
> combo value in an unexpected way?
>
> hidden fields are not a problem because there is no client state in
> wicket... you don't need hidden fields to pass around database ids, you
> keep them on the server side in session.
>
> destiny pages are also selected on server side
>
>> "EDITABLE DATA VALIDATION: HDIV eliminates to a large extent the
>> risk originated by attacks of type Cross-site scripting (XSS) and SQL
>> Injection using generic validations of the editable data (text and
>> textarea)"
>
> we have pretty good validators as well...
>
>> "CONFIDENTIALITY: HDIV guarantees the confidentiality of the non
>> editable data as well. Usually lots of the data sent to the client has
>> key information for the attackers such as database registry identifiers,
>> column or table names, web directories, etc"
>
> we have this by default. database ids and the likes never make it into
> the url unless you choose to create a bookmarkable link that has this
> id as a parameter.
>
> we also provide session relative urls, and a crypt strategy which
> encrypts the url. not sure what more we can possibly do out of the
> box...
>
> -igor
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>

--
View this message in context: http://www.nabble.com/Shout-more-about-security-advantages-of-Wicket--tp14800934p14825213.html
Sent from the Wicket - User mailing list archive at Nabble.com.
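The "integrity" point argued in the quoted exchange (server-generated links, hidden fields and option values that the client must not be able to alter) comes down to two mechanisms: keep the real identifiers on the server and hand the browser only an opaque handle, which is what Igor describes Wicket doing with session state, or, when an id has to appear in a bookmarkable URL, make it tamper-evident. The block below is an added illustration of both, not Wicket or HDIV code; the `PageState` class, `sign_param`/`verify_param`, the `ACCOUNTS` records and `SERVER_KEY` are this example's own assumptions, and `naive_lookup` is the vulnerable form that trusts the raw hidden field.

```python
"""Added example (not Wicket or HDIV code): two ways to keep server-generated
client-side data from being modified by the client.

1. Server-side state: the HTML only carries an opaque token; the real
   database id stays in the user's session (the approach Igor describes).
2. HMAC-signed parameter: for a bookmarkable URL that must carry the id,
   sign it so any modification is detected.
"""
import hashlib
import hmac
import secrets

# Constructed sample data: records owned by two different users.
ACCOUNTS = {
    1001: {"owner": "alice", "balance": 500},
    1002: {"owner": "bob", "balance": 12000},
}


def naive_lookup(params: dict) -> dict:
    """Vulnerable 'before' form: trusts the hidden field as sent (IDOR).

    The client just edits account_id=1001 to 1002 and reads Bob's record.
    """
    return ACCOUNTS[int(params["account_id"])]


class PageState:
    """Server-side state for one rendered page, kept in the session.

    Every server-generated value (link target, hidden field, combo option)
    is registered here and the client receives only a random token.
    """

    def __init__(self) -> None:
        self._values: dict[str, int] = {}

    def register(self, real_value: int) -> str:
        token = secrets.token_urlsafe(8)  # this is what goes into the HTML
        self._values[token] = real_value
        return token

    def resolve(self, token: str) -> int:
        # A token the server never issued (or an altered one) is rejected:
        # the client cannot name a record it was not shown.
        if token not in self._values:
            raise PermissionError("parameter not generated by server")
        return self._values[token]


def render_page(state: PageState, user: str) -> dict[str, str]:
    """Emit hidden-field tokens only for the accounts this user may see."""
    return {
        f"acct_{aid}": state.register(aid)
        for aid, rec in ACCOUNTS.items()
        if rec["owner"] == user
    }


def handle_submit(state: PageState, token: str) -> dict:
    """Form handler: the token is mapped back to the id on the server."""
    return ACCOUNTS[state.resolve(token)]


# --- Approach 2: signed parameters for bookmarkable URLs ---------------
SERVER_KEY = secrets.token_bytes(32)  # assumed per-deployment secret


def sign_param(name: str, value: str, key: bytes = SERVER_KEY) -> str:
    """Return 'value.mac'; the name is bound so a mac cannot be reused
    on a different parameter."""
    mac = hmac.new(key, f"{name}={value}".encode(), hashlib.sha256).hexdigest()
    return f"{value}.{mac[:32]}"


def verify_param(name: str, signed: str, key: bytes = SERVER_KEY) -> str:
    """Recover the value, refusing anything whose mac does not match."""
    value, _, mac = signed.rpartition(".")
    expected = hmac.new(key, f"{name}={value}".encode(),
                        hashlib.sha256).hexdigest()[:32]
    if not hmac.compare_digest(mac, expected):
        raise PermissionError("parameter was modified by the client")
    return value


if __name__ == "__main__":
    st = PageState()
    fields = render_page(st, "alice")
    print("hidden fields sent to alice:", fields)
    print("submit:", handle_submit(st, fields["acct_1001"]))
    url_id = sign_param("id", "1001")
    print("bookmarkable id:", url_id, "->", verify_param("id", url_id))
```

Note the difference in what each mechanism buys: the token approach gives both integrity and confidentiality (the id never reaches the browser), whereas the HMAC only gives integrity; the id is still readable in the URL, which is the gap a URL-encrypting strategy like the one Igor mentions closes.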
