Yeah, that's a quite annoying way from them to sell their product. More than half of it isn't even really related to web frameworks, but to how people use them. Injection flaws for instance... duh.
Eelco On Wed, Jul 30, 2008 at 2:53 PM, Matej Knopp <[EMAIL PROTECTED]> wrote: > That article is ridiculous. I really want to see what kind of hidden > field vulnerability wicket has. We don't put anything to hidden field > we wouldn't put in the URL. > > -Matej > > On Wed, Jul 30, 2008 at 11:49 PM, Martijn Dashorst > <[EMAIL PROTECTED]> wrote: >> How is HiddenField insecure in your opinion? >> >> Martijn >> >> On Wed, Jul 30, 2008 at 10:59 PM, Korbinian Bachl - privat >> <[EMAIL PROTECTED]> wrote: >>> HI, >>> >>> under >>> http://www.theserverside.com/tt/articles/article.tss?l=AreJavaWebApplicationsSecure >>> is an article covering java WebApps & security; On part 2 it also looks at >>> webframeworks for java including wicket 1.3.x - it mentions >>> >>> "Wicket has only one component (HiddenField) vulnerable to integrity >>> attacks." >>> >>> maybe this gap could be closed? Also the rest seems aso quite interesting. >>> >>> Best, >>> >>> Korbinian >>> >>> >> >> >> >> -- >> Become a Wicket expert, learn from the best: http://wicketinaction.com >> Apache Wicket 1.3.4 is released >> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3. >> >
