Newbie question about T5 urls

[nick shaw]

Hi

I am new to Tapestry5 and I have a question about page urls:

I have a page called admin/ManageContent which I access with
http://server/context-root/admin/manageContent.

I have now secured the page using Acegi so only admin users can access pages
that match /admin/*, so typing the above url into my browser redirects me to
the login page which is great. But is there any way a malicious user could
could bypass the acegi filter to access the page? I know it was possible to
do something like this with T4's friendlyUrls feature.

Nick

Re: Newbie question about T5 urls

[nick shaw]

Great, that puts my mind at ease!

Thanks Filip

On Wed, Sep 3, 2008 at 9:22 PM, Filip S. Adamsen [EMAIL PROTECTED] wrote:

 Nope, that's not possible anymore.

 The reason it worked in T4 is that friendly URLs were just aliases for
 the real Tapestry URLs. That's not how it is in T5.

 -Filip


 On 2008-09-03 14:33, nick shaw wrote:

 Hi

 I am new to Tapestry5 and I have a question about page urls:

 I have a page called admin/ManageContent which I access with
 http://server/context-root/admin/manageContent.

 I have now secured the page using Acegi so only admin users can access
 pages
 that match /admin/*, so typing the above url into my browser redirects me
 to
 the login page which is great. But is there any way a malicious user could
 could bypass the acegi filter to access the page? I know it was possible
 to
 do something like this with T4's friendlyUrls feature.

 Nick


 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]