OWASP A4 is: Avoid Insecure Direct Object References (in the URL, in my case)

The suggested implementation is to indirect all direct references to entity ids,
for example.

BTW, the solution provided by Howard works like a charm; I will add it to my
guideline.

Thanks again,
Christophe.

2010/2/2 Thiago H. de Paula Figueiredo <thiag...@gmail.com>

> On Tue, 02 Feb 2010 16:08:41 -0200, cordenier christophe <
> christophe.corden...@gmail.com> wrote:
>
>> Actually I am trying to decorate ComponentEventLinkEncoder to implement a
>> solution for the OWASP A4 recommendation.
>>
>
> Which recommendation? Just curious. :)
>
> --
> Thiago H. de Paula Figueiredo
> Independent Java, Apache Tapestry 5 and Hibernate consultant, developer,
> and instructor
> Owner, software architect and developer, Ars Machina Tecnologia da
> Informação Ltda.
> http://www.arsmachina.com.br
>

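The indirection of entity ids mentioned in the message above, as an added example (not part of the original thread, not Howard's solution and not Tapestry API): a per-session map that hands out random tokens for entity ids and resolves only tokens it issued itself. The class name IndirectReferenceMap, its methods and the sample id and URL path are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical per-session map between entity ids and opaque URL tokens. */
public class IndirectReferenceMap {
    private static final SecureRandom RNG = new SecureRandom();
    private final Map<Long, String> idToToken = new ConcurrentHashMap<>();
    private final Map<String, Long> tokenToId = new ConcurrentHashMap<>();

    /** Call only for entities the current user is already authorized to see. */
    public String toIndirect(long entityId) {
        return idToToken.computeIfAbsent(entityId, id -> {
            byte[] raw = new byte[16];               // 128 random bits per token
            RNG.nextBytes(raw);
            String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            tokenToId.put(token, id);
            return token;
        });
    }

    /** Empty for any value this session was never issued, including raw ids. */
    public Optional<Long> toDirect(String token) {
        return token == null ? Optional.empty()
                             : Optional.ofNullable(tokenToId.get(token));
    }

    public static void main(String[] args) {
        // Constructed sample: one map per HTTP session.
        IndirectReferenceMap sessionA = new IndirectReferenceMap();
        IndirectReferenceMap sessionB = new IndirectReferenceMap();

        String token = sessionA.toIndirect(42L);     // 42 is a made-up entity id
        System.out.println("/account/view/" + token); // hypothetical link path

        // The issuing session resolves the token back to the entity id.
        System.out.println("session A: " + sessionA.toDirect(token));
        // Another session never received this token, so it resolves to nothing.
        System.out.println("session B: " + sessionB.toDirect(token));
        // A guessed raw id in the URL is not a valid reference either.
        System.out.println("raw id:    " + sessionA.toDirect("42"));
    }
}
```

In a link encoder, toIndirect would be applied when the URL is rendered and toDirect when the request comes back, with an empty result handled as a failed lookup rather than falling back to the raw value.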