Great, that puts my mind at ease! Thanks Filip
On Wed, Sep 3, 2008 at 9:22 PM, Filip S. Adamsen <[EMAIL PROTECTED]> wrote: > Nope, that's not possible anymore. > > The reason it worked in T4 is that friendly URLs were just "aliases" for > the real Tapestry URLs. That's not how it is in T5. > > -Filip > > > On 2008-09-03 14:33, nick shaw wrote: > >> Hi >> >> I am new to Tapestry5 and I have a question about page urls: >> >> I have a page called admin/ManageContent which I access with >> http://server/context-root/admin/manageContent. >> >> I have now secured the page using Acegi so only admin users can access >> pages >> that match /admin/*, so typing the above url into my browser redirects me >> to >> the login page which is great. But is there any way a malicious user could >> could bypass the acegi filter to access the page? I know it was possible >> to >> do something like this with T4's friendlyUrls feature. >> >> Nick >> >> > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >