i must say that i pretty much like this implementation. There is no much
wrong with it.
I changes secure to x so that the url is even shorter. And i personally
don't mind what it is called.
johan
Juergen Donnerstag wrote:
WebRequestWithCryptelUrl ist highly experimental and thus no one will
ever use it in production. The implementation is very simple and every
user can create its own. And it is optonal. It is not the default
pattern, and thus it won't appear on sites which don't want it. To
activate it, you have to register it with the application.
Juergen
On 8/4/05, David Liebeherr <[EMAIL PROTECTED]> wrote:
Okay, i think this is not good since i realy think it is better to have
customization in this place.
But would it at least be possible to change it to x= rather than secure=.
secure= confueses the user very much bc it will appear on sites which has
nothing to do with
security and hence this the naming is confusing.
So i still vote for customizazion in this way. but if it is too hard to do,
please change it at
least to x=.
Thanx,
Dave
Jonathan Locke wrote:
security through obscurity is useless. if your encryption is weak,
anyone that can break it will
not be fooled by changing "secure" to something else. if you want to
make your own request
object that encrypts urls some other way, you can already do that. i
don't see any big advantage
to changing this. the downside is that it's confusing to the
developer. in the end, i don't care
enough about this to argue it out.
David Liebeherr wrote:
I whink customizability is important in the whole wicket project (or
web frameworks in general).
I for exmaple know a lot of clients that sais "i don't want that users
can see what is behind something". So they would absolutely refuse to
accept a crypted url with a secure= parameter since this looks
interesting for a script kiddy or hacker and for a custoemr it looks
weird to have a secure parameter in the url when he is for exmaple on
a non secured/authenticated site.
So i think it wouldn't be to complicated to make it customizable,
doesn't it, so what are the cons?
Thanx,
Dave
Johan Compagner wrote:
hmm if you ask me making that customizable doesn't make much sense.
why is that interesting?? I still think we shouldn't be bother to
much how the urls look like
Except make it short and readable as possible or decrypt it...
Of course we could make the param name different like x= ??
johan
Juergen Donnerstag wrote:
WebRequestWithCryptedUrl is highly experimental and still based on the
old URL parameter scheme. And yes, making "secure" customizable does
make sense.
Juergen
On 8/4/05, David Liebeherr <[EMAIL PROTECTED]> wrote:
Why does WebRequestWithCryptedUrl uses a string named "secure" for
the masked URL?
I mean isn't that an invitation for hackers?
What about extending it to customizabe the "secure" string:
public WebRequestWithCryptedUrl(final HttpServletRequest request,
final String paramName) ?
Or have i just not understood something?
Thanx,
Dave
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle
Practices
Agile & Plan-Driven Development * Managing Projects & Teams *
Testing & QA
Security * Process Improvement & Measurement *
http://www.sqe.com/bsce5sf
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle
Practices
Agile & Plan-Driven Development * Managing Projects & Teams *
Testing & QA
Security * Process Improvement & Measurement *
http://www.sqe.com/bsce5sf
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle
Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing
& QA
Security * Process Improvement & Measurement *
http://www.sqe.com/bsce5sf
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle
Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing
& QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
