Ramadi,
I can see your worries in the first scenario, in that if they type the URL
with the username password parameters they may submit these credentials over
http which could be intercepted. My two cents would be, if your user wishes
to do this you can do nothing about the request being sent
Mark,
Thank you for responding. My focus with these
questions is to prevent any unexpected behavior in the
application. It is sometimes amazing how hackers are
able to break an application! :)
So, with regards to #2, the problem is really not
about roles. These actions are already secure, but
-
From: Ramadi Pearse [mailto:[EMAIL PROTECTED]
Sent: 25 June 2005 14:58
To: Struts Users Mailing List
Subject: RE: Form Security
Mark,
Thank you for responding. My focus with these
questions is to prevent any unexpected behavior in the
application. It is sometimes amazing how hackers are
able
3 matches
Mail list logo
