I can only imagine it fits in the "security through obfuscation" category. "If they don't know it's Wicket, they won't think to use a Wicket exploit on it!".
At any rate, I'd be more worried about the fact that you're running it in a Java VM than the fact that the front-end of it is generated by Apache Wicket. If anything is going to be exploitable to do anything useful, it's going to be the VM. Or more likely, your own code. Don't get sucked into this obfuscation crap. It buys you nothing. But if you must, feel free to mount your pages with a .php extension and exhaust all the script kiddie's patience in his attempts at SQL injection. On 23 May 2011, at 20:56, Igor Vaynberg wrote: > thousands of applications show they use php with .php extensions. > thousands more show that they use jsp by .jsp extensions, and a lot > more show they use struts with a .do extension. why does it matter? > > -igor > > On Sat, May 21, 2011 at 9:01 AM, hariharansrc <[email protected]> wrote: >> <html> >> <head> >> <title>Wicket form</title> >> >> >> >> >> </head> >> >> <body> >> <form id="id1" method="post" >> action=";jsessionid=90C6F4DC17391001C2B5A3575453976D?wicket:interface=:0:form::IFormSubmitListener::"><div >> style="width:0px;height:0px;position:absolute;left:-100px;top:-100px;overflow:hidden"><input >> type="hidden" name="id1_hf_0" id="id1_hf_0" /></div> >> >> <input type="text" value="" name="username"> >> <button type="submit" name="hello" id="id2" onclick="var >> wcall=wicketSubmitFormById('id1', >> ';jsessionid=90C6F4DC17391001C2B5A3575453976D?wicket:interface=:0:form:hello::IActivePageBehaviorListener:0:&wicket:ignoreIfNotActive=true', >> 'hello' ,function() { }.bind(this),function() { }.bind(this), function() >> {return Wicket.$$(this)&&Wicket.$$('id1')}.bind(this));;; return >> false;">helloworld</button> >> >> </form> >> >> </body> >> </html> >> >> >> this is the html code i got for a simple program using ajax it shows many >> traces that we used wicket i am imagining is it cause any problem to reveal >> what we actually used to the users. >> >> >> -- >> View this message in context: >> http://apache-wicket.1842946.n4.nabble.com/wicket-showing-traces-that-we-used-wicket-is-it-a-problem-tp3540810p3540810.html >> Sent from the Users forum mailing list archive at Nabble.com. >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
