Concealing primary key in web application with struts 2 from security perspective?

2013-11-29 Thread Mohit Gupta
When you have an internet-facing application, it's important not to expose direct object references on the UI to protect security vulnerability (where a user can retrieve unauthorized data by merely changing the primary key). When you are writing the application from scratch there are various ways you

Re: Concealing primary key in web application with struts 2 from security perspective?

2013-11-29 Thread Paul Benedict
Exposing the primary key is not a security issue; you always have to key off something. What you need is business logic that ensures that a user may only access what he may. That's not a Struts issue; it's logic that you need to add in your business services. On Fri, Nov 29, 2013 at 11:24 PM,

Re: Concealing primary key in web application with struts 2 from security perspective?

2013-11-29 Thread Mohit Gupta
I agree it's not a Struts 2 issue. My intention of question is just to ask does Struts 2 provide any kind of implementation off the shelf (some kind of interceptor or any other approach) to address this. Thanks in advance. On Sat, Nov 30, 2013 at 12:16 PM, Paul Benedict pbened...@apache.org wrote: