Arthur Ahiceh wrote:
> ok! you have not used the word "easily" but only saying "There are more
> hardening options such as encrypting urls" it only seems that encrypting
> urls the problem is solved and it is not the case! The user has to
> implement a custom security factory, one different than provided by Wicket
> (SunJceCrypt), to resolve CSRF.
>
Come on, I did not (intend to) suggest that URL encryption solves CSRF
attacks. It is *another* hardening strategy.
Erik.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
