In addition to what is normally available to Java Servlets, you can also design your application so that all requests pass through the controller first. This gives you an opportunity to vet each request before it is handled, or forwarded out to a JSP. Also, a tiered design can serve as a firewall between HTTP and the business end of your application, so that your business objects are not accessible by HTTP. The request goes to the controller, who can mediate any security concerns, and then decide whether or not to send the data out to a JSP. This also means that Web designers can't inadvertently disable security by breaking some scriptlet. If the user is not authorized, the data is neither retrieved nor handed to the JSP.
-- Ted Husted, Husted dot Com, Fairport NY USA.
-- Custom Software ~ Technical Services.
-- Tel +1 716 737-3463
-- http://www.husted.com/struts/

Daniel Jimenez wrote:
>
> This issue has probably already been covered but if someone could lend me a hand in
> describing any security benefits of having an MVC framework.
>
> I'm not a security expert by any means, but my gut reaction is that the struts
> framework provides some increase in security. Could someone respond back and
> describe what they are or aren't?
>
> Thanks in advance!!
> Dan Jimenez
> Briggs & Stratton
>
> --
> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
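
The controller-first check described in the reply above, sketched as an added example; it is not part of the original thread and is not Struts' own code. The class name, the `*.do` mapping, the action paths, role names and JSP locations are all assumptions made for illustration, and it uses the plain `javax.servlet` API with container-managed roles.

```java
import java.io.IOException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical front controller, assumed to be mapped to *.do in web.xml.
public class FrontController extends HttpServlet {

    // Constructed sample policy: action path -> role required to run it.
    private static final Map<String, String> REQUIRED_ROLE = Map.of(
        "/viewOrders.do", "customer",
        "/editPrices.do", "manager");

    // Constructed sample views, kept under /WEB-INF so the container
    // refuses direct HTTP requests for them; only a forward reaches them.
    private static final Map<String, String> VIEW = Map.of(
        "/viewOrders.do", "/WEB-INF/jsp/orders.jsp",
        "/editPrices.do", "/WEB-INF/jsp/prices.jsp");

    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String action = req.getServletPath();
        String role = REQUIRED_ROLE.get(action);

        // Default deny: an action with no policy entry is never dispatched.
        if (role == null) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // Vet the request before any data is retrieved.
        if (req.getUserPrincipal() == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        if (!req.isUserInRole(role)) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Only now load the model and hand it to the JSP.
        req.setAttribute("model", loadModel(action, req.getUserPrincipal().getName()));
        req.getRequestDispatcher(VIEW.get(action)).forward(req, resp);
    }

    // Placeholder for the business tier, which has no HTTP entry point of its own.
    private Object loadModel(String action, String user) {
        return Map.of("action", action, "owner", user);
    }
}
```

Because the authorization decision sits in the controller, a JSP that drops or breaks a scriptlet cannot expose data: an unauthorized request never reaches `loadModel` or the forward.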

