That's great news, thanks.
P.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Igor Vaynberg
Sent: 20 June 2007 18:17
To: wicket-user@lists.sourceforge.net
Subject: Re: [Wicket-user] "random=" attribute in requests -- safe to
modify?
afaik we do not use it on serverside.
as far as spoofing goes, the url itself is already session-relative so it is
already pretty hard to spoof :)
-igor
On 6/20/07, Russell, Paul < [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]> > wrote:
Hi guys,
We're currently running some performance tests on our Wicket 1.2.4-based
application using loadrunner. We're seeing a high level of failed requests
(in the order of 50%, I am told), which is preventing us taking this
further. My suspicion is that there's an issue with the loadrunner scripts
rather than with the application itself, and the first thing I want to
eliminate that we've got a flawed assumption around the "random" attribute
added to URLs such as the following:
https://xxxxxxx/SOAEnablementWeb/soa?wicket:interface=:2:theForm:personSearc
<https://xxxxxxx/SOAEnablementWeb/soa?wicket:interface=:2:theForm:personSear
c>
h:showPersonSearchResults:personSearchResults:searchResults:list:1:link:-1:I
UnversionedBehaviorListener&wicket:behaviorId=3&wicket:ignoreIfNotActive=tru
e&random=0.23572425147004144
I had made the 'intelligent guess' when talking to the loadrunner guys that
the 'random' attribute was present only to prevent badly behaved proxy
servers caching dynamic pages, and that Wicket completely ignored the
attribute when it comes to processing the request. I just want to check with
you guys that that assumption is correct? It did occur to me that the
attribute could conceivably be being used as a security measure to lessen
the chances of a successful URL spoofing attempt.
Thanks for your time,
Paul
This e-mail (and any attachments) may contain privileged and/or confidential
information. If you are not the intended recipient please do not disclose,
copy, distribute, disseminate or take any action in reliance on it. If you
have received this message in error please reply and tell us and then delete
it. Should you wish to communicate with us by e-mail we cannot guarantee the
security of any data outside our own computer systems. For the protection of
Legal & General's systems and staff, incoming emails will be automatically
scanned.
Any information contained in this message may be subject to applicable terms
and conditions and must not be construed as giving investment advice within
or outside the United Kingdom.
The following companies are subsidiary companies of the Legal & General
Group Plc which are authorised and regulated by the Financial Services
Authority for advising and arranging the products shown: Legal & General
Partnership Services Limited (insurance and mortgages), Legal & General
Insurance Limited (insurance), Legal & General Assurance Society Limited
(life assurance, pensions and investments), Legal & General Unit Trust
Managers Limited and Legal & General Portfolio Management Services Limited
(investments).
They are registered in England under numbers shown.
The registered office is Temple Court, 11 Queen Victoria Street, London EC4N
4TP.
Legal & General Partnership Services Limited: 5045000 Legal & General
Assurance Society Limited: 166055 Legal & General (Unit Trust Managers)
Limited: 1009418 Legal & General (Portfolio Management Services) Limited:
2457525 Legal & General Insurance Limited: 423930
They are registered with the Financial Services Authority under numbers
shown. You can check this at www.fsa.gov.uk/register
<http://www.fsa.gov.uk/register>
Legal & General Partnership Services Limited: 300792 Legal & General
Assurance Society Limited: 117659 Legal & General (Unit Trust Managers)
Limited: 119273 Legal & General (Portfolio Management Services) Limited:
146786 Legal & General Insurance Limited: 202050
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/ <http://sourceforge.net/powerbar/db2/>
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net <mailto:Wicket-user@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/wicket-user
<https://lists.sourceforge.net/lists/listinfo/wicket-user>
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
