Yeah,
That's what I meant, but didn't write ;-)
It should not fail silently though. In development this has to be
noticed. In production this should be readily visible.
Martijn
Eelco Hillenius wrote:
Though given the malicious nature of the attempt, you don't want to
give too much information. That's why just setting an HTTP status (like
expired or not authorized) could also be a good idea (combined with
logging of course).
Eelco
Martijn Dashorst wrote:
Hmm,
I think this should result in an error, either:
- someone is maliciously tampering with your application
- there is a bug in your application or the wicket framework
In both cases this should result in an error page, and not fail
silently. I suppose this could be made configurable in the same way
the error page is configurable.
Martijn
Matej Knopp wrote:
The easiest would be to do nothing. Do as normal, just ignore the
action. So if I put in a URL that would trigger an action on an invisible
component, I would just get redirected to
appName?component=X&interface=IRedirectListener,...etc
Another one would be displaying an error page (like expired page).
But I think the first one is a better (and simpler) solution, but
that's only my opinion (and it's more a feeling than an opinion :))
-Matej
Eelco Hillenius wrote:
Hmmm. Sure looks like an unwanted backdoor. I agree we should fix
this. What do you think would be the proper action to take when
Wicket recognizes that an invisible component is called?
Eelco
Matej Knopp wrote:
Hi. I'm using Wicket 1.0 and I just realized that it is possible
to invoke an action (ILinkListener, etc.) on an invisible component.
Is this intentional?
Because in my application it causes problems. For example, I have a
page with my bean properties and several buttons to
edit/manipulate it. I show/hide these buttons according to current
user rights. But even if they are not visible, they can be invoked
through a URL very simply.
Can anything be done to prevent this?
I tried to alter this behavior but didn't succeed, as every
method in WebRequest dealing with invoking is either private or
final. (I know it's a design decision and I accept it, no rambling
here :))
-Matej
-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration
Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
Wicket-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/wicket-user
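
The check the thread converges on, as an added example that is not part of the original messages and is not Wicket code: a toy dispatcher that refuses a listener call when the target or any ancestor is invisible, logs the detail server-side, and returns only a bare HTTP status. All class, method and path names are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Logger;

/** Toy model of listener dispatch; every name here is hypothetical. */
public class ListenerDispatchGuard {
    static final Logger LOG = Logger.getLogger("dispatch");

    static class Component {
        final String id; final Component parent; final Runnable listener;
        boolean visible = true;
        Component(String id, Component parent, Runnable listener) {
            this.id = id; this.parent = parent; this.listener = listener;
        }
        /** Visible only if this component and every ancestor is visible. */
        boolean isVisibleInHierarchy() {
            for (Component c = this; c != null; c = c.parent)
                if (!c.visible) return false;
            return true;
        }
    }

    final Map<String, Component> byPath = new HashMap<>();

    /** Returns the HTTP status to send; the listener runs only on 200. */
    int dispatch(String path, String user) {
        Component target = byPath.get(path);
        if (target == null || target.listener == null) return 404;
        if (!target.isVisibleInHierarchy()) {
            // Detail goes to the server log; the client gets a bare status.
            // 'path' matched a registered key, so it is safe to log as-is.
            LOG.warning("listener call on invisible component path=" + path
                        + " user=" + user);
            return 403;
        }
        target.listener.run();
        return 200;
    }

    public static void main(String[] args) {
        ListenerDispatchGuard app = new ListenerDispatchGuard();
        Component panel = new Component("adminPanel", null, null);
        Component delete = new Component("delete", panel,
                () -> System.out.println("bean deleted"));
        app.byPath.put("adminPanel:delete", delete);

        panel.visible = false; // parent hidden: current user lacks rights
        System.out.println(app.dispatch("adminPanel:delete", "guest"));
        panel.visible = true;  // parent shown: same URL is now accepted
        System.out.println(app.dispatch("adminPanel:delete", "admin"));
    }
}
```

The visibility test walks the parent chain because hiding a container must also disable the listeners of the buttons inside it, not only the container's own.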