tapestry-dev mailing list archives

From Andrew Pietsch <andr...@forge.com.au>
Subject Re: URL question
Date Wed, 08 Dec 2004 04:35:40 GMT
Hi Alex,

My use of the word "stealing" was misleading. It wasn't a security
issue, it was actually to do with implementing a simple URL rewriting
scheme. The data we're passing is just a simple string and a long.


Alex Ieong wrote:

>If the parameters are too complex, DataSqueezer would be the only
>choice. But I am not sure if it's a solution to such a security issue.
>Stealing information in a URL is even easier than stealing from a session.
>But explaining it may be off topic.
>On Wed, 08 Dec 2004 15:08:09 +1100, Andrew Pietsch <andrewp@forge.com.au> wrote:
>>Hello all,
>>In our company's first Tapestry application I had the requirement to
>>pass parameters between every page (to stop session stealing with
>>multiple browser windows active).  To achieve this I created a custom
>>DataSqueezer and subclassed every engine service to override
>>service.getLink(...) to embed the custom parameters into every link and
>>service.service(...) to extract them and insert them into every page.
>>While this approach worked a treat, I was wondering if:
>>a) it was indeed the correct approach for this problem (as it seemed a
>>little messy).
>>b) the new URL mechanisms being developed for 3.1 might simplify this.
>>Thanks and cheers
>>To unsubscribe, e-mail: tapestry-dev-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tapestry-dev-help@jakarta.apache.org

Andrew Pietsch
Forge Research Pty Ltd
Suite 116, Bay 9, Locomotive Workshop
Australian Technology Park, Cornwallis Street
Eveleigh NSW 1430 Australia
Phone: +61 2 9209 4152 Fax: +61 2 9209 4172
