>> 4. Yes. See mailing list for earlier answers. There are more hardening
>> options such as encrypting urls.

Even when encrypting the URLs, Wicket is vulnerable to CSRF because the key
used to encrypt is shared by all users of the application. Wicket is an
extensible framework where you can add some new functionality "easily", but it
doesn't provide any secure solution by default to protect you against CSRF attacks!




Erik van Oosten wrote:
> 
> Hello Marcelo,
> 
> 1. No. The flip side of having full control of the HTML is that you need
> to write it yourself.
> 
> 2. In Wicket it is trivial to keep state (read the conversation state)
> on the server, local to the dialog/panel you are working with. No
> official conversation support is therefore needed.
> 
> 3. Yes. See WicketTester.
> 
> 4. Yes. See mailing list for earlier answers. There are more hardening
> options such as encrypting urls.
> 
> Regards,
>    Erik.
> 
> 
> Marcelo Morales wrote:
>> Hello
>>
>> I've browsed over the wicket documentation and examples. There are a
>> couple of things I don't seem able to determine. So I would really
>> appreciate your input on these questions.
>>
>> 1 Can I write a web application without coding any HTML whatsoever?...
>> I mean, is there some kind of "html" or "whole page" component which
>> renders an entire HTML page?
>> 2 Is there a way to work on dialogs (also known as conversations) as
>> opposed to sessions?... maybe this question is nonsense and I didn't
>> understand the whole page version management mechanism.
>> 3 Does it come with some kind of integration testing?
>> 4 Is it possible (or feasible) to implement some kind of "page
>> hardening"? I am seeking something to protect victims of CSRF attacks
>> from other sites. A input name randomizer comes to mind (which would
>> make it impossible to selenium test it)
>>
>> Regards
>>
>> Marcelo Morales
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>   
> 
> -- 
> 
> --
> Erik van Oosten
> http://day-to-day-stuff.blogspot.com/
> 
> 
> 
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Questions-about-wicket-features-tp18857860p18866486.html
Sent from the Wicket - User mailing list archive at Nabble.com.

