> That part of the thread is what I was replying to - that it was then > insecure because the DB ID is in the URL. This is not a standard way of > doing most links in Wicket - because of the security leak....
A workaround is to use one-time keys (tokens) in a map that you set for the URL and then destructively get in the constructor. What the token points to (the "real" id) is kept server-side. This will be non-RESTful though since the URL will not represent the resource any longer once it has been used. You could maybe even implement that as a custom URLCodingStrategy or whatever new mechanism in 1.5 is better suited for the task. The simplest case would be just to have a singleton mapper with two methods, one for adding (returning token for value) and one for removing (returning value for token) where the token is just a sequence number. To make it more complicated the service could be registered as a JNDI resource or a OSGi bundle... :) - Tor Iver --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org