I can appreciate your concern. And it's always good to emphasize
security concerns. But you are suggesting that I (or any developer)
would write some Action that would accept this UserForm, including the
sensitive admin flag, without checking as to whether the admin flag is
acceptable in the application's current state. This would indeed be a
casual and naive web application developer. For example, the app
shouldn't pay attention to the admin flag unless the current user is
already in some kind of administrative role.
There are many security concerns related to web applications. I haven't
actually ever found a good, concise and reasonably complete article on
them.
Will
----- Original Message -----
From: "Jeff Trent" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, May 07, 2001 12:51 PM
Subject: Re: Potential Security Flaw in Struts MVC
> Curt,
>
> I don't dispute what you're saying. However, to the casual struts user this
> fact may be easily overlooked and exploited by a hacker.
>
> - jeff
>
> ----- Original Message -----
> From: "Curt Hagenlocher" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, May 07, 2001 12:10 PM
> Subject: RE: Potential Security Flaw in Struts MVC
>
>
> > > However, if someone is familiar with the db schema and the
> > > naming convention the developer used, that user could subvert
> > > the application by writing his own version of the UI which
> > > contains an "Administrative User Flag" field (or any other
> > > field for that matter) and the basic form processing in
> > > Struts will kindly honor the request and set the
> > > "Administrative Flag" on the user. Unless, of course, the
> > > developer makes special provisions to prevent this behavior.
> >
> > Creating a secure web application means that *every* HTTP
> > request should be checked for validity. Any data that comes
> > from the client is suspect. This is no more or less true
> > with Struts than without it.
> >
> > --
> > Curt Hagenlocher
> > [EMAIL PROTECTED]
> >
>
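The risk the thread is debating is automatic form population honouring any request parameter that matches a bean property, the admin flag included. The following is an added example, not code from the thread or from Struts itself: a small Python stand-in for that population step, with the naive version beside one that follows Will's rule and only accepts the admin flag when the caller already holds an administrative role. All names (UserForm, populate, populate_checked, REQUEST) are constructed for the example.

```python
# Added example (not from the thread or from Struts): a minimal stand-in for
# framework-style population of a form bean from request parameters, showing
# why a privileged field such as an admin flag must be ignored unless the
# current user is already in an administrative role.
from dataclasses import dataclass, fields


@dataclass
class UserForm:
    """Form bean mirroring the user table, admin flag included."""
    username: str = ""
    email: str = ""
    admin: bool = False


def populate(form, params):
    """Naive populate(): copies every request parameter whose name matches a
    bean property, which is the behaviour the thread warns about."""
    for f in fields(form):
        if f.name in params:
            raw = params[f.name]
            value = raw.lower() in ("true", "on", "1") if f.type is bool else raw
            setattr(form, f.name, value)
    return form


# Fields any authenticated user may bind, and fields reserved for admins.
BASE_FIELDS = {"username", "email"}
ADMIN_ONLY_FIELDS = {"admin"}


def populate_checked(form, params, user_roles):
    """Hardened populate(): privileged fields are bound only when the caller
    already holds the admin role; other parameters are dropped and reported
    so the rejection can be logged."""
    allowed = set(BASE_FIELDS)
    if "admin" in user_roles:
        allowed |= ADMIN_ONLY_FIELDS
    rejected = sorted(set(params) - allowed)
    populate(form, {k: v for k, v in params.items() if k in allowed})
    return form, rejected


# Constructed request: the UI renders only username and email, but the
# submission also carries an admin parameter the developer never exposed.
REQUEST = {"username": "alice", "email": "alice@example.com", "admin": "true"}


def demo():
    """Returns (naive admin flag, checked flag for a plain user, rejected
    parameters for that user, checked flag for a real admin)."""
    naive = populate(UserForm(), REQUEST)
    checked, rejected = populate_checked(UserForm(), REQUEST, {"user"})
    admin_ok, _ = populate_checked(UserForm(), REQUEST, {"user", "admin"})
    return naive.admin, checked.admin, rejected, admin_ok.admin
```

The rejected list is the useful detection signal: a non-admin session submitting an admin parameter is exactly the request a server-side check should refuse and log.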