tapestry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Ieong <xela....@gmail.com>
Subject Re: URL question
Date Wed, 08 Dec 2004 04:29:17 GMT
If the parameters are too complex, DataSqueezer would be the only
choice. But I am not sure if it's a solution to such security issue.
Stealing information in URL is even easier than stealing from session.
But explaining it may be off topic.


On Wed, 08 Dec 2004 15:08:09 +1100, Andrew Pietsch <andrewp@forge.com.au> wrote:
> Hello all,
> 
> In our companies first Tapestry application I had the requirement to
> pass parameters between every page (to stop session stealing with
> multiple browser windows active).  To achieve this I created a custom
> DataSqueezer and subclassed every engine service to override
> service.getLink(...) to embed the custom parameters into every link and
> service.service(...) to extract them and insert them into every page.
> 
> While this approach worked a treat, I was wondering if:
> a) it was indeed the correct approach for this problem (as it seemed a
> little messy).
> b) the new URL mechanisms being developed for 3.1 might simplify this.
> 
> Thanks and cheers
> Andrew
> 
> --
> Andrew Pietsch
> Forge Research Pty Ltd
> Suite 116, Bay 9, Locomotive Workshop
> Australian Technology Park, Cornwallis Street
> Eveleigh NSW 1430 Australia
> Phone: +61 2 9209 4152 Fax: +61 2 9209 4172
> www.forge.com.au
> 
> ******************************************************************
> This message contains privileged and confidential information intended
> only for the use of the addressee named above. If you are not the
> intended recipient of this message you must not disseminate, copy or
> take any action in reliance on it. If you have received this message
> in error please notify the sender immediately. Any views expressed in
> this message are those of the individual sender, except where the
> sender specifically states them to be the views of another (including
> a Body Corporate).
> If you wish to opt out from future messages, send an email to
> unsubscribe@forge.com.au with the subject UNSUBSCRIBE
> ******************************************************************
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-dev-help@jakarta.apache.org
> 
>

---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-dev-help@jakarta.apache.org


Mime
View raw message