afaik wicket is one of very few frameworks to offer this out of the box if not the only one. this feature is really a side-effect of how wicket works :)
for complete security you probably want to have a look into CryptedUrlWebRequestCodingStrategy, it completely encrpypts the urls so they look something like ?x=sdf7saf7sd9f7sd89f7sadf7sa789sd7f89sdf7sssdf and offers csrf protection. -igor On Thu, Sep 18, 2008 at 10:01 AM, cj91 <[EMAIL PROTECTED]> wrote: > > We were kind of reading the sentence backwards, the last poster described it > very well. Secure URL's would be a 'nice-to-have', but I'm not sure very > many frameworks support that. > > Thanks for the replies, > -Jonathan > > > Johan Compagner wrote: >> >> Why is that sentence ambiguous? >> >> On 9/18/08, cj91 <[EMAIL PROTECTED]> wrote: >>> >>> My company is planning an extremely large web project and Wicket is a >>> candidate for use. My manager pointed out some unsettling words on the >>> Wicket FAQ, which are ambiguous unfortunately. >>> http://wicket.apache.org/features.html >>> >>>>>>Wicket is secure by default. URLs do not expose sensitive information > and >>> all component paths are >>>>>>session-relative. Explicit steps must be taken to share information >>> between sessions. There are plans >>>>>>for the next version of Wicket to add URL encryption to support highly >>> secure web sites. >>> >>> >>> Can someone please elaborate on what is meant by "Explicit steps must be >>> taken to share information between sessions." >>> >>> Thank you, >>> -Jonathan >>> -- >>> View this message in context: >>> http://www.nabble.com/Wicket-not-secure--tp19556259p19556259.html >>> Sent from the Wicket - User mailing list archive at Nabble.com. >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >>> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> > > -- > View this message in context: > http://www.nabble.com/Wicket-not-secure--tp19556259p19557425.html > Sent from the Wicket - User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
