On Wednesday 22 Mar 2006 08:29, Juergen Donnerstag wrote: > I think the last time we discussed that topic the conclusion was that > no immediate action is required as most applications which require > https tend to have only a very limited number of http pages. >
This doesn't really sound right to me. Any application that requires users to be logged in to perform actions must use https on all of the pages involved so that their session cannot be hijacked. For example, my application has many 'member' pages where users can write reviews, update their profile etc. Surely this is a pretty common scenario? ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ Wicket-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/wicket-user
