Johan Compagner wrote:
> ...Which is pretty random. Only if all users would go over the same path
> always to the same page then the id could be guessed.
>
Actually, I do not think that is completely far-fetched. In my banking
applications I mostly follow the same path. In some applications there
may be a high chance that the guessed path is correct.
Then again, it is easily fixed by starting at a random page version number.
In addition, many Wicket applications use bookmarkable pages. Easily
avoided if you're worried about CSRF of course.
Regards,
Erik.
--
Erik van Oosten
http://day-to-day-stuff.blogspot.com/