Hi,

I was just thinking (I know, always dangerous...)

Given the nature of a call to the Turbine servlet, someone could mix and match the 
action screen calls maliciously - .../action/ResetDB/screen/HomePage

I guess that the login/permissions process should limit to some extent what can be 
done - but for the cases that still get through, I presume the actions need to be 
fairly defensive to ensure that the screens get called in the correct way - although 
in some ways you don't want to be too prescriptive, as this limits the power of the 
model.

Any comments on what's been done to date regarding this kind of thing? Or am I 
worrying about nothing?

Thanks,
Chris
---
"Some people just don't think before they kill a henchman" 
[ http://www.advogato.org/person/kimptoc/ ]
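
The concern raised in the message above, shown as an added example that is not part of the original post and is not Turbine's own code: a simplified dispatcher model in which each action is authorized on its own, whatever screen is named alongside it in the URL. All class, method and permission names are hypothetical, and the sample requests are constructed.

```java
import java.util.*;

// Simplified model of a dispatcher for .../action/<Name>/screen/<Name> URLs.
// Not Turbine's API: all class, method and permission names are hypothetical.
public class ActionGuardDemo {
    // Each action declares the permission it needs, independent of any screen.
    static final Map<String, String> ACTION_PERMISSION = Map.of(
        "ResetDB", "db_admin",
        "UpdateProfile", "user");

    // Split path info into key/value pairs: /action/ResetDB/screen/HomePage
    static Map<String, String> parse(String pathInfo) {
        Map<String, String> params = new HashMap<>();
        String[] parts = pathInfo.replaceAll("^/+", "").split("/");
        for (int i = 0; i + 1 < parts.length; i += 2) {
            params.put(parts[i], parts[i + 1]);
        }
        return params;
    }

    // Decide on the action alone; the requested screen never relaxes the check.
    static boolean mayRunAction(String pathInfo, Set<String> userPermissions) {
        String action = parse(pathInfo).get("action");
        if (action == null) {
            return true; // no action requested, nothing to guard here
        }
        String required = ACTION_PERMISSION.get(action);
        // Unknown actions are denied rather than passed through.
        return required != null && userPermissions.contains(required);
    }

    public static void main(String[] args) {
        Set<String> ordinaryUser = Set.of("user");
        Set<String> admin = Set.of("user", "db_admin");
        // Constructed sample requests.
        String[] requests = {
            "/action/ResetDB/screen/HomePage",
            "/screen/HomePage",
            "/action/UpdateProfile/screen/HomePage",
            "/action/NoSuchAction/screen/HomePage"};
        for (String r : requests) {
            System.out.printf("%-42s user=%-5b admin=%b%n", r,
                mayRunAction(r, ordinaryUser), mayRunAction(r, admin));
        }
    }
}
```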
