Sent: Wednesday, June 09, 2004 5:22 AM
Subject: RE: design security issue
> Well, you could do something as simple as setting a session attribute every
> time an Action is called that stores what page was accessed, but before
> doing that you check what value is there already and if i
JSP?
Cai Peng
-Original Message-
From: Zhang, Larry (L.) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 09, 2004 6:15 AM
To: Struts Users Mailing List
Subject: RE: design security issue
Thank you Frank and Yuanbo, for the points. Our application is set up in
SSL and password
nd bypass
that little check in the Actions.
Frank
From: "Zhang, Larry (L.)" <[EMAIL PROTECTED]>
Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Subject: RE: design security issue
Date: Tue
one manager has a lot of
employees so I want to make sure the data is not somehow messed up.
Thanks.
-Original Message-
From: Frank Zammetti [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 08, 2004 5:41 PM
To: [EMAIL PROTECTED]
Subject: RE: design security issue
Excellent point, thanks for adding it!
Frank
From: "Wang, Yuanbo" <[EMAIL PROTECTED]>
Reply-To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Subject: RE: design security issue
Date: Tue, 8 Jun
One comment. Make sure your ActionServlet intercepts all URL patterns so
any HTTP request needs to get session validated first.
Yuanbo
-Original Message-
From: Frank Zammetti [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 08, 2004 3:34 PM
To: [EMAIL PROTECTED]
Subject: RE: design security
To really do security properly, you really should externalize it using a
product like Netegrity's SiteMinder. That would be my first suggestion, but
there is considerable cost in something like that, so it's not right for
everyone or every situation.
So, you can do some more minor things withi