tapestry-dev mailing list archives

From "Brian K. Wallace (JIRA)" <tapestry-...@jakarta.apache.org>
Subject [jira] Commented: (TAPESTRY-843) Friendly URL documentation concerning security and ugly URLs
Date Sun, 22 Jan 2006 22:40:17 GMT
    [ http://issues.apache.org/jira/browse/TAPESTRY-843?page=comments#action_12363592 ] 

Brian K. Wallace commented on TAPESTRY-843:
-------------------------------------------

There are many ways to work around this issue - the issue isn't that it's impossible to fix,
just that the current documentation implies that the friendly URL contribution is the answer
to security while it is not. (hence the patch is to documentation, not code)

> Friendly URL documentation concerning security and ugly URLs
> ------------------------------------------------------------
>
>          Key: TAPESTRY-843
>          URL: http://issues.apache.org/jira/browse/TAPESTRY-843
>      Project: Tapestry
>         Type: Bug
>   Components: Documentation
>     Versions: 4.0
>  Environment: All
>     Reporter: Brian K. Wallace
>  Attachments: Patch for Friendly URL security concern.patch
>
> The friendly URL documentation implies that enabling of friendly URLs is a way to enable
> security for Tapestry generated URLs. While this part of the documentation is correct, it
> implies that the 'ugly' URLs are no longer accessible - thereby enabling security for Tapestry
> sites. This is not correct and should be documented (at the very least).
> Ideally, there should be a method in the framework itself that would disable access to
> the original URLs if the friendly URL contribution is made.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

