That article is ridiculous. I really want to see what kind of hidden field vulnerability wicket has. We don't put anything to hidden field we wouldn't put in the URL.
-Matej On Wed, Jul 30, 2008 at 11:49 PM, Martijn Dashorst <[EMAIL PROTECTED]> wrote: > How is HiddenField insecure in your opinion? > > Martijn > > On Wed, Jul 30, 2008 at 10:59 PM, Korbinian Bachl - privat > <[EMAIL PROTECTED]> wrote: >> HI, >> >> under >> http://www.theserverside.com/tt/articles/article.tss?l=AreJavaWebApplicationsSecure >> is an article covering java WebApps & security; On part 2 it also looks at >> webframeworks for java including wicket 1.3.x - it mentions >> >> "Wicket has only one component (HiddenField) vulnerable to integrity >> attacks." >> >> maybe this gap could be closed? Also the rest seems aso quite interesting. >> >> Best, >> >> Korbinian >> >> > > > > -- > Become a Wicket expert, learn from the best: http://wicketinaction.com > Apache Wicket 1.3.4 is released > Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3. >
