OWASP A4 is: Avoid Insecure Direct Object References (in the URL, in my case). The suggested implementation is to indirect all direct references, to entity ids for example.

BTW, the solution provided by Howard works like a charm; I will add it to my guideline.

Thanks again,
Christophe.

2010/2/2 Thiago H. de Paula Figueiredo <thiag...@gmail.com>

> On Tue, 02 Feb 2010 16:08:41 -0200, cordenier christophe <christophe.corden...@gmail.com> wrote:
>
>> Actually I am trying to decorate ComponentEventLinkEncoder to implement a
>> solution for OWASP A4 recommendation.
>
> Which recommendation? Just curious. :)
>
> --
> Thiago H. de Paula Figueiredo
> Independent Java, Apache Tapestry 5 and Hibernate consultant, developer, and instructor
> Owner, software architect and developer, Ars Machina Tecnologia da Informação Ltda.
> http://www.arsmachina.com.br
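
The indirection of entity ids described in this message, sketched as an added example that is not part of the original thread and is not Howard's solution or a Tapestry API. The class name `IndirectReferenceMap` and its methods are hypothetical, and the sketch assumes one instance is kept per user session, with a link encoder calling `toIndirect` when writing a link and `toDirect` when decoding a request.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Per-session map between entity ids and opaque URL tokens (hypothetical, not a Tapestry class). */
public final class IndirectReferenceMap {
    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, Long> tokenToId = new ConcurrentHashMap<>();
    private final Map<Long, String> idToToken = new ConcurrentHashMap<>();

    /** Returns the token to put in the link instead of the entity id. */
    public String toIndirect(long entityId) {
        return idToToken.computeIfAbsent(entityId, id -> {
            byte[] raw = new byte[16]; // 128 random bits, not derived from the id
            RNG.nextBytes(raw);
            String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            tokenToId.put(token, id);
            return token;
        });
    }

    /** Resolves a token from an incoming request; tokens this session never issued are rejected. */
    public long toDirect(String token) {
        Long id = (token == null) ? null : tokenToId.get(token);
        if (id == null) {
            throw new SecurityException("Unknown object reference");
        }
        return id;
    }

    public static void main(String[] args) {
        // Constructed sample: two sessions, entity id 42 exposed only to the first.
        IndirectReferenceMap sessionA = new IndirectReferenceMap();
        IndirectReferenceMap sessionB = new IndirectReferenceMap();
        String token = sessionA.toIndirect(42L);
        System.out.println("link context: " + token);
        System.out.println("resolved in session A: " + sessionA.toDirect(token));
        try {
            sessionB.toDirect(token); // same token replayed in another session
        } catch (SecurityException e) {
            System.out.println("session B: " + e.getMessage());
        }
    }
}
```

The map only hides ids and rejects references the session was never given; the server still has to check that the user is authorized for an entity before issuing a token for it.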