the javadoc is out of date please open a jira issue to have the javadoc updated.
-igor On Sat, Sep 12, 2009 at 2:50 PM, mfs <[email protected]> wrote: > > Hi Guys, > > Sorry for not picking up the right thread for this question but I am not > able to submit a post. Anyways.. > > My question is regarding the javadocs for CryptedUrlWebRequestCodingStrategy > which in the end says "Because the algorithm is reversible, URLs which were > bookmarkable before will remain bookmarkable.". I wonder if that is true for > post 1.3.5 releases where the encryption involves the user-session id ? > > Thanks in advance > Farhan. > > > > > Vytautas Civilis wrote: >> >> Hi Erik, >> >> that's not a concern for me really - I'm providing static application >> specific key (not uber secure I know), this let's me have a bookmarkable >> page even with encrypted key (as enc key does not change). >> >> The issue (more like a feature request :]), is that hybrid >> encodes/decodes params in different way than >> CryptedUrlWebRequestCodingStrategy (which uses the more common style of >> QueryStringUrlCodingStrategy). >> I imagine, that's the only problem, so perhaps anyone has implemented >> that already, e.g. with some params encoding/decoding strategy, which >> could be supplied to hybrid strat (or to crypt strat ;]). >> >> cvl >> >> Erik van Oosten wrote: >>> Hi Vytautas, >>> >>> You can not encrypt bookmarkable URLs as encryption is done per session. >>> So if you're URLs need to be secure you are limited to regular Link's. >>> >>> Regards, >>> Erik. >>> >>> >>> >>> Vytautas Čivilis wrote: >>>> for the same purpose, one would encrypt QueryStringUrlCodingStrategy. >>>> >>>> e.g., if you have /path1/path2/param1/value1 >>>> and param1/value1 might expose some business logic or security related >>>> concerns. >>>> in the same manner as /path1/path2/param1=value1 would >>>> >>>> cvl >>>> >>>> Johan Compagner wrote: >>>> >>>>> why would you encrypt the hybrid? >>>>> >>>>> >>> >>> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> >> > > -- > View this message in context: > http://www.nabble.com/HybridUrlCodingStrategy-and-CryptedUrlWebRequestCodingStrategy-tp23960469p25418524.html > Sent from the Wicket - User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
