My point is, if the code path exists, doing some elaborate session hijacking
sniffer something something predict blah... can be a pain in the arse and
not really a valuable investment.

A better thing would be to ask the devs if it is plausible (regardless of
how hard it might be in the real world).

If the answer to plausibility is yes, then there needs to be a solution.
Not a "yeah it's plausible try to hack it" approach.

If the OP cannot hack the system, but an attacker uses the exact methods
he's described here, then that would be pretty embarrassing for all parties.


Martijn Dashorst wrote:
> 
> I can claim anything in thought experiments. That is easy. Making it
> true is something different.
> 
> Martijn
> 

-- 
View this message in context: 
http://www.nabble.com/Security-Features-offered-by-Wicket-tp15738864p15824726.html
Sent from the Wicket - User mailing list archive at Nabble.com.

