An old link:
http://www.owasp.org/index.php/Top_10_2007-Insecure_Direct_Object_Reference but
the principle is there.

2010/2/2 cordenier christophe <christophe.corden...@gmail.com>

> OWASP A4 is: Avoid Insecure Direct Object References (in the URL in my case)
>
> The suggested implementation is to indirect all direct references, to entity
> ids for example.
>
> BTW, the solution provided by Howard works like a charm; I will add it to my
> guideline.
>
> Thanks again,
> Christophe.
>
> 2010/2/2 Thiago H. de Paula Figueiredo <thiag...@gmail.com>
>
> On Tue, 02 Feb 2010 16:08:41 -0200, cordenier christophe <
>> christophe.corden...@gmail.com> wrote:
>>
>>> Actually I am trying to decorate ComponentEventLinkEncoder to implement a
>>> solution for the OWASP A4 recommendation.
>>>
>>
>> Which recommendation? Just curious. :)
>>
>> --
>> Thiago H. de Paula Figueiredo
>> Independent Java, Apache Tapestry 5 and Hibernate consultant, developer,
>> and instructor
>> Owner, software architect and developer, Ars Machina Tecnologia da
>> Informação Ltda.
>> http://www.arsmachina.com.br
>>
>
