It just dawned on me that most users will protect their url parameters to make sure that end users can't fiddle with parameters and see inappropriate data, however, is it conceivable to issue ajax requests to get an app to do something it shouldn't?
If so, any tips on how to build a request that would cause an ajax response? Is important to protect all ajax calls? Dougals --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org