This is not much security since I can still create a post form myself. I would check for authorization from the actions (or before invoking the actions using interceptors/filters).

--- Joris Verschoor <[EMAIL PROTECTED]> wrote:
> If you don't do this somebody could enter an administrator link / image
> on a forum / comment / whatever that can modify / delete data, or change
> passwords.
>
> In my own framework, I called doPost() and doGet() just like in
> servlets. Only doing data retrieval and cacheable things in doGet. Any
> action that will cause a db modification is done in doPost();
> I'm converting to webwork, because I really like the simplicity of it.
> I needed the same kind of functionality, so I created a simple
> isPosted() method to check it, but this also ties me to the web. I don't
> really care, but a lot of people do.
> I was thinking about creating an interceptor, but it seemed too much
> trouble.. I don't like xml files for this.
>
> I was wondering how you solve this, if you even thought about it at all.
>
> Joris

_______________________________________________
Opensymphony-webwork mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
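
Added example, not code from this thread or from WebWork: a plain-Java model of the two checks discussed above, the POST-only rule for modifying actions and an authorization check run before the action is invoked. The `Request` record, the action names and the roles are hypothetical and constructed for illustration.

```java
import java.util.List;
import java.util.Map;

// Hypothetical minimal model, not WebWork's API: a request and two checks
// that run before the action, as an interceptor or filter would.
public class PreActionChecks {
    record Request(String method, String action, String sessionRole) {}

    // Actions that modify data, with the role each requires (constructed sample).
    static final Map<String, String> MODIFYING = Map.of(
        "deleteUser", "admin",
        "changePassword", "user");

    // Check 1, the isPosted() idea: modifying actions are refused unless sent by POST.
    static boolean methodAllowed(Request r) {
        return !MODIFYING.containsKey(r.action()) || "POST".equals(r.method());
    }

    // Check 2, the authorization idea: the session's role must cover the action.
    static boolean authorized(Request r) {
        String needed = MODIFYING.get(r.action());
        if (needed == null) return true;            // read-only action
        if (r.sessionRole() == null) return false;  // no logged-in session
        return r.sessionRole().equals("admin") || r.sessionRole().equals(needed);
    }

    // Runs both checks in order and only then lets the action execute.
    static String dispatch(Request r) {
        if (!methodAllowed(r)) return "405 method not allowed";
        if (!authorized(r)) return "403 forbidden";
        return "200 " + r.action() + " executed";
    }

    public static void main(String[] args) {
        // Constructed sample requests covering the cases raised in the thread.
        List<Request> constructed = List.of(
            new Request("GET", "deleteUser", "admin"),   // link/image loaded by an admin's browser
            new Request("POST", "deleteUser", null),     // hand-made POST form, no session
            new Request("POST", "deleteUser", "user"),   // hand-made POST form, ordinary user
            new Request("POST", "deleteUser", "admin"),  // admin submitting the real form
            new Request("GET", "listUsers", null));      // read-only action
        for (Request r : constructed)
            System.out.println(r + " -> " + dispatch(r));
    }
}
```

The fourth sample passes both checks, and so would a POST submitted from another site while the administrator is signed in, so these two checks do not by themselves tell an intended request from a forged one.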