I'm not sure of your environment, but I use ACEGI for this (and all other) types of security. It allows not only 'page' access, but also method/object access security. The thing I like most about it is that it completely (?) removes all security worries from Tapestry pages. [I'm not a fan at all of subclassing or invoking listeners for things that are outside the web-app's concerns]

If your environment doesn't make the use of ACEGI a possibility, you're probably going to be relegated back into Tapestry/Hivemind-centric methodologies. The problem you're going to have with any solution is that you're not just "securing a piece", you're implementing a security framework in and around your app. While I don't view this as "a problem" or "problematic" (rather just a plain old good idea), it does mean you're going to need to do more than just a 'simple change' to implement it. (not saying anything proposed is 'hard', just that it requires thought and design to get it right)

HTH

Brian

Andreas Bulling wrote:
> First, thanks to all of you for your answers!
> But as it seems that I wasn't able to properly explain
> what I had in mind/what my problem is I will try again. ;)
>
> I didn't think of authentication (I also solved this
> using a pageValidate() method) but of a security
> layer for database accesses. Say for example a user
> selects a record from a list of records by clicking on
> a link with the record's id as a GET-parameter.
> What if the user forks this GET parameter and is now
> able to select any record he normally isn't allowed
> to see?
>
> I would like to insert a layer which
> (in the best case automatically) checks these
> attacks (for example by looking at the database
> and checking that the user is related to the
> record by a foreign key relation).
>
> How to do this?
>
> Kind regards,
> Andreas
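
The check asked about in the quoted question, where the record lookup itself is constrained by the foreign key to the logged-in user, as an added example that is not part of the original thread. It is written in Python with sqlite3 so it runs stand-alone, not as Tapestry or ACEGI code; the schema, `make_db`, `load_record` and `AccessDenied` are constructed for illustration.

```python
import sqlite3


class AccessDenied(Exception):
    """Raised when the record is missing or not related to the user."""


def make_db():
    # Constructed sample schema: records.owner_id is a foreign key to users.id.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        PRAGMA foreign_keys = ON;
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
        CREATE TABLE records (
            id INTEGER PRIMARY KEY,
            owner_id INTEGER NOT NULL REFERENCES users(id),
            body TEXT NOT NULL
        );
        INSERT INTO users VALUES (1, 'alice'), (2, 'bob');
        INSERT INTO records VALUES (10, 1, 'alice note'), (20, 2, 'bob note');
    """)
    return db


def load_record(db, session_user_id, requested_id):
    """Fetch a record only if it belongs to the logged-in user.

    session_user_id comes from the server-side session, never from the request.
    requested_id is the untrusted value taken from the GET parameter.
    """
    try:
        record_id = int(requested_id)
    except (TypeError, ValueError):
        raise AccessDenied("malformed record id")
    # The ownership test is part of the query, so a tampered id returns no row.
    row = db.execute(
        "SELECT id, body FROM records WHERE id = ? AND owner_id = ?",
        (record_id, session_user_id),
    ).fetchone()
    if row is None:
        # Same error for "no such record" and "not yours": ids cannot be probed.
        raise AccessDenied("record not available")
    return {"id": row[0], "body": row[1]}
```

Routing every record fetch through one such function in the data-access layer keeps the check out of individual pages, which is the separation the reply argues for.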