Posted to commits@wicket.apache.org by "Jurriaan Pruys (Commented) (JIRA)" <ji...@apache.org> on 2012/02/14 14:14:59 UTC

[jira] [Commented] (WICKET-4407) Url segments in CryptoMapper may be larger than 260 chars => HTTP 400 - 'Bad request' when using IIS

    [ https://issues.apache.org/jira/browse/WICKET-4407?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13207694#comment-13207694 ] 

Jurriaan Pruys commented on WICKET-4407:
----------------------------------------

Found an issue with my implementation (doesn't work with image references in a CSS). Start to work on an example which creates smaller segments.
                
> Url segments in CryptoMapper may be larger than 260 chars => HTTP 400 - 'Bad request' when using IIS
> ----------------------------------------------------------------------------------------------------
>
>                 Key: WICKET-4407
>                 URL: https://issues.apache.org/jira/browse/WICKET-4407
>             Project: Wicket
>          Issue Type: Improvement
>          Components: wicket
>    Affects Versions: 1.5.4
>         Environment: IIS
>            Reporter: Jurriaan Pruys
>            Priority: Minor
>
> CryptoMapper encrypts the whole Url into a single segment. As a result the encrypted url segment can be very long (> 260 characters). The default maximum url segment size for IIS is 260 characters (see http://support.microsoft.com/kb/820129). The warning note for changing this default is "Changing this registry key is considered extremely dangerous. This key causes Http.sys to use more memory and may increase vulnerability to malicious attacks." 
> I've created my own CryptoMapper that puts the encrypted request in a request parameter. This works fine, but it would be nice to have this as a (configurable | default) behavior of CryptoMapper.

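The "smaller segments" idea from the comment, as an added example that is not Wicket's CryptoMapper and not the commenter's implementation: an encrypted URL token is split into path segments that each stay within the 260-character IIS default, then rejoined and decrypted. The class name, the use of AES-GCM with base64url encoding, and the sample URL are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

public class SegmentedCryptoUrl {
    static final int MAX_SEGMENT = 260; // default IIS per-segment limit cited in the issue

    // Split a token into path segments of at most maxLen characters.
    // The base64url alphabet has no '/', so '/' is an unambiguous separator.
    static String toPath(String token, int maxLen) {
        StringBuilder path = new StringBuilder();
        for (int i = 0; i < token.length(); i += maxLen) {
            if (i > 0) path.append('/');
            path.append(token, i, Math.min(i + maxLen, token.length()));
        }
        return path.toString();
    }
    // Reverse of toPath: drop the separators to recover the token.
    static String fromPath(String path) {
        return path.replace("/", "");
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv); // fresh nonce for every encrypted URL
        // Constructed sample: a long internal URL that must not be exposed.
        String url = "reports/detail?filter=" + "x".repeat(400);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(url.getBytes(StandardCharsets.UTF_8));
        byte[] blob = new byte[iv.length + ct.length]; // nonce || ciphertext+tag
        System.arraycopy(iv, 0, blob, 0, iv.length);
        System.arraycopy(ct, 0, blob, iv.length, ct.length);
        String path = toPath(Base64.getUrlEncoder().withoutPadding().encodeToString(blob), MAX_SEGMENT);
        for (String seg : path.split("/")) System.out.println("segment length: " + seg.length());
        // Receiving side: rejoin, decode, then decrypt; GCM rejects a tampered path.
        byte[] back = Base64.getUrlDecoder().decode(fromPath(path));
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, back, 0, 12));
        byte[] plain = c.doFinal(back, 12, back.length - 12);
        System.out.println(url.equals(new String(plain, StandardCharsets.UTF_8)));
    }
}
```

Splitting only bounds the length of each segment; the total URL length still grows with the plaintext, so any overall URL length limit enforced by the server or a proxy applies unchanged.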