Though given the malicious nature of the attempt, you don't want to give
too much information. That's why just setting an HTTP status (like
expired or not authorized) could also be a good idea (combined with
logging, of course).
Eelco

Martijn Dashorst wrote:
Hmm,
I think this should result in an error, either:
- someone is maliciously tampering with your application
- there is a bug in your application or the wicket framework
In both cases this should result in an error page, and not fail
silently. I suppose this could be made configurable in the same way
the error page is configurable.
Martijn

Matej Knopp wrote:
The easiest would be to do nothing. Do as normal, just ignore the
action. So if I put in a URL that would trigger an action on an invisible
component, I would just get redirected to
appName?component=X&interface=IRedirectListener,...etc
Another one would be displaying an error page (like expired page).
But I think the first one is a better (and simpler) solution, but
that's only my opinion (and it's more a feeling than an opinion :))
-Matej

Eelco Hillenius wrote:
Hmmm. Sure looks like an unwanted backdoor. I agree we should fix
this. What do you think would be the proper action to take when
Wicket recognizes that an invisible component is called?
Eelco

Matej Knopp wrote:
Hi. I'm using Wicket 1.0 and I just realized that it is possible
to invoke an action (ILinkListener, etc.) on an invisible component.
Is this intentional?
Because in my application it causes problems. For example, I have a page
with my bean properties and several buttons to edit/manipulate it.
I show/hide these buttons according to current user rights. But
even if they are not visible, they can be invoked through the URL very
simply.
Can anything be done to prevent this?
I tried to alter this behavior but didn't succeed, as every
method in WebRequest dealing with invoking is either private or
final. (I know it's a design decision and I accept it, no rambling
here :))
-Matej
-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
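
The check discussed in this thread, as an added example that is not code from any participant or from Wicket: a server-side dispatcher that refuses a listener call when the target component, or any ancestor, is invisible, logs the attempt, and answers with a bare status. Component, dispatch, the component paths and the 403/404 choices are hypothetical names and assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.logging.Logger;

// Illustrative model only: these are not Wicket classes.
public class ListenerGuardDemo {
    static final Logger LOG = Logger.getLogger("listener-guard");

    static class Component {
        final String id; final Component parent; final Runnable listener;
        boolean visible = true;
        Component(String id, Component parent, Runnable listener) {
            this.id = id; this.parent = parent; this.listener = listener;
        }
        String path() { return parent == null ? id : parent.path() + ":" + id; }
        // Hiding a parent hides its children, so walk up to the root.
        boolean visibleInHierarchy() {
            for (Component c = this; c != null; c = c.parent)
                if (!c.visible) return false;
            return true;
        }
    }

    // Returns the HTTP status to send: 200 ran, 403 refused, 404 no such listener.
    static int dispatch(Map<String, Component> page, String path, String remoteAddr) {
        Component target = page.get(path);
        if (target == null || target.listener == null) return 404;
        if (!target.visibleInHierarchy()) {
            // Detail goes to the server log, not into the response.
            LOG.warning("refused listener call on invisible component '"
                    + target.path() + "' from " + remoteAddr);
            return 403;
        }
        target.listener.run();
        return 200;
    }

    public static void main(String[] args) {
        Component form = new Component("form", null, null);
        Component edit = new Component("edit", form, () -> System.out.println("bean edited"));
        Component delete = new Component("delete", form, () -> System.out.println("bean deleted"));
        delete.visible = false; // hidden: current user lacks the right (constructed case)
        Map<String, Component> page = new HashMap<>();
        for (Component c : List.of(form, edit, delete)) page.put(c.path(), c);

        String addr = "192.0.2.10"; // constructed sample client address
        System.out.println(dispatch(page, "form:edit", addr));   // visible button
        System.out.println(dispatch(page, "form:delete", addr)); // hidden button, direct URL
        form.visible = false;                                    // now hide the whole form
        System.out.println(dispatch(page, "form:edit", addr));
    }
}
```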