On Tue, 02 Feb 2010 16:30:02 -0200, cordenier christophe
<christophe.corden...@gmail.com> wrote:
> OWASP A4 is: Avoid Insecure Direct Object References (in URL in my case)
> Suggested implementation is to indirect all direct references to entity
> ids, for example.
As long as you check if the user can access that object, I don't see any major
problem with exposing object ids.
--
Thiago H. de Paula Figueiredo
Independent Java, Apache Tapestry 5 and Hibernate consultant, developer,
and instructor
Owner, software architect and developer, Ars Machina Tecnologia da
Informação Ltda.
http://www.arsmachina.com.br
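The two options discussed in this thread, side by side, as an added example that is not code from either poster or from Tapestry: an access check on every load with the real id left in the URL, and a per-session indirect reference map. The class names, the invoice data and the owner lookup are hypothetical and constructed for illustration.

```java
import java.security.SecureRandom;
import java.util.*;

public class ObjectReferenceDemo {
    // Constructed sample data: invoice id -> owning user.
    static final Map<Long, String> INVOICE_OWNER = Map.of(101L, "alice", 102L, "bob");

    /** Option 1: keep the real id in the URL, authorize on every load. */
    static long loadChecked(String user, long invoiceId) {
        String owner = INVOICE_OWNER.get(invoiceId);
        // Same failure for "missing" and "not yours", so ids cannot be probed.
        if (owner == null || !owner.equals(user)) {
            throw new SecurityException("invoice not available");
        }
        return invoiceId;
    }

    /** Option 2: per-session map from random tokens to ids this user may see. */
    static final class ReferenceMap {
        private final SecureRandom random = new SecureRandom();
        private final Map<String, Long> tokenToId = new HashMap<>();

        String expose(long id) {
            byte[] raw = new byte[16];
            random.nextBytes(raw);
            String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            tokenToId.put(token, id);
            return token;
        }

        long resolve(String token) {
            Long id = tokenToId.get(token);
            if (id == null) throw new SecurityException("invoice not available");
            return id;
        }
    }

    public static void main(String[] args) {
        System.out.println(loadChecked("alice", 101L));  // own invoice loads
        try {
            loadChecked("alice", 102L);                  // another user's id placed in the URL
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
        ReferenceMap session = new ReferenceMap();       // built for alice's session
        String token = session.expose(loadChecked("alice", 101L));
        System.out.println(session.resolve(token));      // token resolves to the real id
    }
}
```

Note that the map is only populated with ids that already passed the access check, so the indirection hides ids but the check is still what enforces authorization.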