Just for info, that page on the new wiki is at
http://cwiki.apache.org/WICKET/lifecycle-of-a-wicket-application.html
/Gwyn
On 06/11/06, Nick Heudecker [EMAIL PROTECTED] wrote:
I was reading the Lifecycle document at
http://www.wicket-wiki.org.uk/wiki/index.php/Lifecycle. It
says If the
Hi
Ok, more poking around and here's what I think is happening ... Accessing the login page directly via https://.../myWicketApp/login?wicket:bookmarkablePage=:com. works ok. After log in the app works ok and takes the https in the URL as it is from the request...
However, myWicketApp has an
but then it is the ssl loadbalancer at fault here.
Wicket just redirects what it has (and internally wicket redirects to relative urls)
So weblogic makes it absolute (with http://servername:port)
But the ssl load balancer should rewrite that complete part.
johan
On 11/6/06, Joshua Lim
[EMAIL
Hi!
I'd like to prevent brute force attacks on the login page of my wicket
application. What would be the best approach? This is what I'm thinking
about doing: Record when the last request for the loginpage from a
certain IP came in and only handle the request when at least a second or
two
Bad idea - some ISPs and proxies would be locked out... cachapta would be
solution of choice here.
Regards
Korbinian
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Johannes Fahrenkrug
Sent: Monday, 6 November 2006 14:01
To:
Korbinian,
I'm sorry if I wasn't clear: I didn't plan on blocking anymore
permanently, just add one second delays if some IP was flooding me to
render brute force attacks useless and impractical.
Could you please explain cachapta / provide a link to an article?
Regards,
Johannes
Korbinian
Another option is to lower the throughput (number of login requests
handled per minute) for that IP address.
In this case you should probably use Wicket 2 to optimize session usage.
Erik.
Korbinian Bachl wrote:
Bad idea - some ISPs and proxies would be locked out... cachapta would be
Hello Johannes,
that's a good topic you've got here...
I agree with Korbinian that locking out IPs is a bad idea. One could
extend that to the combination of username/IP, but that could be worked
around with a more sophisticated script.
What do you think about logging false logins on a per-user
isn't this more the responsibility for the hardware/software that runs wicket?
So Apache or WebLogic itself? That does the throttling?
I wouldn't try to solve this in a webapplication.
johan
On 11/6/06, Johannes Fahrenkrug [EMAIL PROTECTED] wrote:
Hi!
I'd like to prevent brute force attacks on the
Could you please explain cachapta / provide a link to an article?
I suppose he means captcha. You should find this one on google ;-)
Pierre-Yves
Johannes Fahrenkrug wrote:
Korbinian,
I'm sorry if I wasn't clear: I didn't plan on blocking anymore
permanently, just add one second
I guess that depends... I think you have to let the webapplication
handle it if you want to prevent brute force dictionary attacks on the
login page only. Especially if you want to do this on a per username
basis or even use captchas (thanks Pierre-Yves).
I don't think the hardware or the
I usually use captcha and a cache implementation (e.g. oscache, jboss cache) to save erroneous login attempts until user hits a configured maximum number of attempts. If maximum is achieved the user is blocked for a certain period of time.
On 11/6/06, Pierre-Yves Saumont [EMAIL PROTECTED] wrote:
Hello Rüdiger,
What do you think about logging false logins on a per-user basis, and
delay the response after the first false attempt by a couple of seconds
until another valid login for that user happened? I think the Linux
shell login works like that.
That's not a bad idea... that would
emm.. yes i meant captcha - look here for a working wicket example as well
as source-code:
http://www.steinhoefel.de/spots.htm
as this is a base point of security, it should be maintained by the
webapp...
Regards
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
heck - wrong link from another posting... sorry:
http://www.wicket-library.com/wicket-examples/captcha
(the other one is of a story here:
http://www.heise.de/newsticker/meldung/80580 - in german only)
Regards
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
On 11/3/06, Igor Vaynberg [EMAIL PROTECTED] wrote:
look into how the Palette is built, it does just that. or if you want you can use ajax.
It is working now. I am using a slightly different approach though. Instead of overriding updateModel(), I use a property model on the hidden form field. When
Disadvantage is that the server will keep the request processing thread
occupied during the waiting period. A brute force attack that fires
multiple requests simultaneously will not be stopped by this and will
bring the server to its knees even more quickly. So Johan was right, you
should not
better encapsulation - it is the component's job to do the conversion in that case imho
-igor
On 11/6/06, Erik Brakkee [EMAIL PROTECTED] wrote:
On 11/3/06, Igor Vaynberg [EMAIL PROTECTED] wrote:
look into how the Palette is built, it does just that. or if you want you can use ajax.
It is working
Erik,
Disadvantage is that the server will keep the request processing thread
occupied during the waiting period. A brute force attack that fires
multiple requests simultaneously will not be stopped by this and will
bring the server to its knees even more quickly. So Johan was right, you
I have an AbstractAjaxTimerBehavior added
to a FeedBackPanel that refreshes it every few seconds. On the same page I have
an AjaxLink that opens a ModalWindow. In the ModalWindow, a selection is made
and when it closes that value is written back to the parent.
The TimerBehaviour runs
Ok, in my case, the situation is exactly the same since the property
model refers to a property of the component itself and not to that of
some model provided by the user so I still have encapsulation.
Nevertheless, I will keep updateModel in mind. It is a nice method of
intercepting calls to the
Hi,
In my application I have the situation that when an object reaches a
certain state, it can no longer be modified or in some cases only
parts of the entities state may be modified.
As a result, what I need is a method of easily creating read-only
versions of a form where some or all fields
use an attrib modifier to append readonly=readonly attrib, or just disable the formcomponent
-igor
On 11/6/06, Erik Brakkee [EMAIL PROTECTED] wrote:
Hi,
In my application I have the situation that when an object reaches a
certain state, it can no longer be modified or in some cases only
parts of the
Yeah I think that would be great Geoff, if you're willing to write code
for it. My next effort will probably be longer-running Hibernate
sessions, just because that's easier for me to pull off. But we could
try to do both in a new branch.
Databinder doesn't put a facade in front of Hibernate, nor
This would require a refactoring so that classes like
DatabinderProvider do not depend on DataRequestCycle, right? Hint,
hint =D.
http://databinder.net/forum/viewtopic.php?t=121
Michael Day
On Nov 6, 2006, at 2:14 PM, Nathan Hamblen wrote:
Yeah I think that would be great Geoff, if
Hello-
How do you set the src attribute on an image? The examples are great if I want to load an image from a local resource, but how would i set the source to an absolute URL (on another server?)
The options I see are:
1) extend Resource...
2) add an html label: Label imgLabel = new Label("imgLabel",
Add in your html an <img wicket:id="something"/>
in your Java, add a simple webComponent, to the web component add a simpleAttributemodifier for the src attribute.
At least, that would look something like this if I have to do it.
Marc
On 11/6/06, ryan mckinley [EMAIL PROTECTED] wrote:
Hello-
How do you
Or just in your markup:
<img src="http://wicketframework.org/css/banner-bg.png" />
Martijn
On 11/6/06, ryan mckinley [EMAIL PROTECTED] wrote:
Hello-
How do you set the src attribute on an image? The examples are great if I
want to load an image from a local resource, but how would i set the
Well, there's always AttributeModifier.
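WebMarkupContainer wmc = new WebMarkupContainer("imgLabel");
// true: add the src attribute even if the <img> tag in the markup has none
wmc.add(new AttributeModifier("src", true, new Model("http://absoluteurl")));
add(wmc);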
On Mon, 2006-11-06 at 12:16 -0800, ryan mckinley wrote:
Hello-
How do you set the src attribute on an image?
Yes, I guess it might. And I'll reply to that forum Q tonight!
Nathan
On Mon, 2006-11-06 at 14:53 -0500, Michael Day wrote:
This would require a refactoring so that classes like
DatabinderProvider do not depend on DataRequestCycle, right? Hint,
hint =D.
Title: Nice urls and dynamic mount paths.
Hi,
I need to provide bookmarkable urls that look like the following, there will in fact be thousands and thousands of permutations for the path.
/browse/russia/forsale/all
/browse/france/property
/browse/greece/cars/for-sale
matej is already working on it afaik - the design is outlined on the wiki page, search for hybrid urls
-igor
On 11/6/06, WATSON Matthew [EMAIL PROTECTED] wrote:
Hi,
I need to provide bookmarkable urls that look like the following, there will in fact be thousands and thousands of
OK, I will direct my questions on integrating shades with databinder to the
databinder forum.
thanks,
geoff
Hi Igor,
Thanks for the feedback. Hybrid urls definitely sound suitable. So
I'll wait for 2.0 then.
Cheers,
Matt
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Igor Vaynberg
Sent: Tuesday, 7 November 2006 10:57 AM
To:
thanks for the reply. appreciated... will try on the LB end
On 11/6/06, Johan Compagner [EMAIL PROTECTED] wrote:
but then it is the ssl loadbalancer at fault here.
Wicket just redirects what it has (and internally wicket redirects to relative urls)
So weblogic makes it absolute (with
I just tried to add some attribute and get it back later, but I find
that the [get|set]Attribute() are protected. I took a look at the
javadoc but I still don't know how to get / set attributes to
session. Can anyone give me some more information?
create your own subclass of websession and instead of storing attributes create fields in the subclass with getters setters.
then in your application subclass override getsessionfactory() and return one that creates your subclass.
-igor
On 11/6/06, Carfield Yim [EMAIL PROTECTED] wrote:
I just try to