Tapestry 5 / TAP5-874

Form component should be able to render a secure URL even on an insecure page

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 5.1.0.5
    • Fix Version/s: 5.2.2
    • Component/s: tapestry-core
    • Labels:
      None

      Description

      It would be nice if one could make a <t:form> post to SSL by specifying t:secure="true" on the form component.

      It is a quite common design pattern nowadays to have a login form on each page. It is mostly not necessary however to access all pages via https.

      This is useful when the common Layout includes a quick login form.

        Activity

        Ben Gidley added a comment -

        Although this is a nice feature it is a security risk.

        A man in the middle could change the posting path for the login form to their own site and harvest usernames/passwords. This doesn't mean it shouldn't be implemented but if it is the docs should warn about this risk. A site requiring strong security (e.g. banking/payments) shouldn't use this pattern.

        Hudson added a comment -

        Integrated in tapestry-5.2-freestyle #217 (See https://hudson.apache.org/hudson/job/tapestry-5.2-freestyle/217/)


          People

          • Assignee:
            Howard M. Lewis Ship
            Reporter:
            Olle Hallin