On Sun, Jun 8, 2008 at 5:00 AM, maxthesecond <[EMAIL PROTECTED]> wrote:
> As for logging, the request-filter option is very attractive, all that crap in
> just one place.

I've been wondering about the request filter... To determine which
page is being accessed, I've been parsing the path myself, using code
I cut and pasted out of Tapestry internals. I got this method from
http://wiki.apache.org/tapestry/Tapestry5HowToControlAccess, which
incidentally doesn't work with the past couple of releases.

My issue is, I feel like this is a potential security problem. If
Tapestry changes how it parses the path, an attacker could conceivably
create a request that I think is for one page in my security
dispatcher, while it is really for another. Is there a service I can
inject to get the page that Tapestry has parsed out?

-- 
njl

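
The concern raised in the message above, as an added illustration that is not part of the original post and is not Tapestry code: an access check that parses the path with its own copied logic can decide on a different page than the one the framework goes on to render. Every name, page and path below is hypothetical and constructed for the demonstration; `frameworkResolve` only stands in for whatever resolver the framework really uses.

```java
import java.util.*;

// Constructed demo: all names here are hypothetical, none are Tapestry APIs.
public class PageResolutionDemo {
    // Stand-in for the framework's resolver: the longest known page name wins,
    // and the remaining path segments are treated as page parameters.
    static String frameworkResolve(String path, Set<String> pages) {
        String[] seg = path.replaceAll("^/+", "").split("/");
        for (int n = seg.length; n > 0; n--) {
            String candidate = String.join("/", Arrays.copyOfRange(seg, 0, n));
            if (pages.contains(candidate)) return candidate;
        }
        return null;
    }

    // Stand-in for a parser copied into a security filter: it assumes the
    // first segment is always the page name (true for an older, flat layout).
    static String copiedResolve(String path) {
        return path.replaceAll("^/+", "").split("/")[0];
    }

    // Deny by default: unknown or unlisted pages are never allowed.
    static boolean allowed(String page, String role, Map<String, String> requiredRole) {
        if (page == null) return false;
        String need = requiredRole.get(page);
        return need != null && (need.equals("anyone") || need.equals(role));
    }

    public static void main(String[] args) {
        Set<String> pages = Set.of("reports", "reports/payroll");
        Map<String, String> requiredRole =
            Map.of("reports", "anyone", "reports/payroll", "hr");
        String path = "/reports/payroll/2008"; // constructed request path

        String guessed = copiedResolve(path);          // what the filter believes
        String actual = frameworkResolve(path, pages); // what will be rendered
        System.out.println("filter thinks: " + guessed + ", framework renders: " + actual);
        System.out.println("decision on guessed page:  " + allowed(guessed, "guest", requiredRole));
        System.out.println("decision on resolved page: " + allowed(actual, "guest", requiredRole));
    }
}
```

The two decisions differ for the same request, which is why the check should take the page name from the same resolver that dispatches the request rather than from a second parser.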