Hi, Such kind of security related issues should be reported to priv...@wicket.apache.org or to secur...@apache.org.
But in your case it is not a big deal because you use Wicket 1.2/1.3. As far as I remember JTrac is not updated since these versions of Wicket. Try by using PackageResourceGuard. Here is the documentation for Wicket 7.x [1] but it should be similar for 1.2/1.3 1. https://ci.apache.org/projects/wicket/guide/7.x/single.html#_package_resource_guard Martin Grigorov Wicket Training and Consulting Looking for a remote position with Wicket ? Contact me! https://twitter.com/mtgrigorov On Thu, Mar 1, 2018 at 7:14 AM, parth <parth.pa...@silvertouch.com> wrote: > *http://localhost:8080/my_project/app/resources/org.apache.wicket.ajax. > AbstractDefaultAjaxBehavior/* > > If user can enter this URL then he can see resouces of my project > > *Example :* > jtrac.hbm.xml > jtrac-init.properties > messages_ar.properties > messages_cs.properties > messages_de.properties > messages_el.properties > messages_en.properties > ... > > So i want to block this URL and not permit any user to show these details. > > Thank you. > > -- > Sent from: http://apache-wicket.1842946.n4.nabble.com/Users-forum- > f1842947.html > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > >