Hosting Provided By

Re: JSP Security - Limiting URL's

From: Jeremy Poteet <jpoteet(at)tech-partners.com>
Date: Tue Dec 10 2002 - 09:42:40 EST

While I agree with the basic concept, most of the systems I see don't require this across the entire system, but have discrete areas where the order of pages is important. For example, signing up for an account takes three steps or buying a product is a four step process.

The concept we discuss with our customers is that of a "bookmarkable URL". If a user should be able to bookmark a page and go directly to it, then make it a new JSP/ASP/Servlet/etc. On the other hand, if it is a step in a process, such as it doesn't make sense to jump directly to the confirmation page, then those steps should be encapsulated behind a single page.

So, while I agree with the concept, I would suggest it be used where appropriate rather than blindly used for all cases.

Jeremy Poteet
Chief Technology Officer
Technology Partners, Inc.
1-877-636-1331 x105 (toll free)
636-519-1221 x105
http://www.tech-partners.com

On 12/9/02 4:42 PM, "securityarchitect@hush.com" <securityarchitect@hush.com> wrote:

>
> http://www.onjava.com/pub/a/onjava/2001/06/27/java_security.html
Received on Tue Dec 10 10:05:05 2002

This message: [ Message body ]
Next message: zeno: "Re: XSS"
Previous message: Dave Aitel: "Re: Apache module: mod_security"
In reply to: securityarchitect(at)hush.com: "JSP Security - Limiting URL's"
In reply to Jeff Williams (at) Aspect: "Re: JSP Security - Limiting URL's"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:46 EDT