A basic problem with most web development is that
people are building security into their applications. It should be handled
outside of the application. You can have your application work in conjunction
with an external security mechanism for more granular control but the security
mechanism should be external to the application for the most part.

You could use, for example, one of the
authorization and access modules for Apache. Then when you create your
application you can create specific *protected* URLs for, say, an admin area.
Then only the person that is logged into the security mechanism with the proper
*authorization* can access that URL (or one that contains that URL and
parameters being passed to it in the URL). Security needs to be considered when
building the applications but trying to build it into the application is a big
mistake.

A big reason to not build it into the app is that
as your security requirements change you invariably have to make code changes to
your application. By using an external mechanism you just change the rules
governing the authorization and access control usually without any code changes
to your app.
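
The arrangement described in the message above, as an added example that is not part of the original post: an Apache httpd 2.4 configuration protecting an admin URL prefix, followed by a later policy change made only in the server rules. The URL prefix, realm name, file paths, group name and network range are assumptions chosen for illustration.

```apache
# Constructed example: /myapp/admin/, the file paths, the "admin" group and
# the 10.0.0.0/8 range are placeholders, not values from the post.
# Needs mod_auth_basic, mod_authn_file and mod_authz_groupfile (httpd 2.4).
# Basic credentials travel with every request, so serve this over TLS.

# Initial policy: only authenticated members of the "admin" group may reach
# anything under /myapp/admin/. <Location> matches on the URL path, so the
# same rule applies whatever query-string parameters are appended.
<Location "/myapp/admin/">
    AuthType Basic
    AuthName "Application administration"
    AuthBasicProvider file
    AuthUserFile  "/etc/httpd/conf/app.htpasswd"
    AuthGroupFile "/etc/httpd/conf/app.groups"
    Require group admin
</Location>

# Changed requirement: admins must also connect from the internal network.
# Only the authorization rule changes; the application code is untouched.
# Replace the <Location> block above with this one and reload httpd.
#
# <Location "/myapp/admin/">
#     AuthType Basic
#     AuthName "Application administration"
#     AuthBasicProvider file
#     AuthUserFile  "/etc/httpd/conf/app.htpasswd"
#     AuthGroupFile "/etc/httpd/conf/app.groups"
#     <RequireAll>
#         Require group admin
#         Require ip 10.0.0.0/8
#     </RequireAll>
# </Location>
```

The rule only holds if every request reaches the application through this Apache instance, so the application server's own connector should not be reachable directly. Every admin function also has to live under the protected prefix; a URL mapped outside it is not covered by the rule.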