Jing Zhou wrote:
All,

The following is my experience about the subject over the
years and also includes what I learned so far.

What is the best practice for the security checking with
the MVC design pattern? Over the years, I learned that
the Struts developers have been using the following ideas
for the security checking as the best practice.

1) No one has direct access to any JSP pages in the web applications.

Sorry just to pick out one point from your email, but I always see people saying this about protecting their JSPs.


I always wonder why, because not one of my JSPs would run without an error if they were accessed directly, because they all need either a form bean or lists or arrays for dropdowns and so on.

Is there some security hole that hackers can exploit if they find a valid JSP URL, even if it returns a 404?

Adam
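
A way to audit point 1 of the quoted list (no direct access to JSPs), added here as an example and not written by either poster. It assumes the application enforces the rule with a `security-constraint` on `*.jsp` that has an empty `auth-constraint` in `web.xml`; keeping JSPs under `WEB-INF` is the other common approach and is not checked. The function name and the sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _kids(elem, name):
    # Match on local tag name so namespaced and DTD-era descriptors both work.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def jsp_direct_access_blocked(web_xml, pattern="*.jsp"):
    """Return (blocked, reasons) for a web.xml document given as a string."""
    reasons = []
    for sc in _kids(ET.fromstring(web_xml), "security-constraint"):
        for wrc in _kids(sc, "web-resource-collection"):
            urls = [(u.text or "").strip() for u in _kids(wrc, "url-pattern")]
            if pattern not in urls:
                continue
            auth = _kids(sc, "auth-constraint")
            if not auth:
                reasons.append("constraint has no auth-constraint, so access is not restricted")
            elif any(_kids(a, "role-name") for a in auth):
                reasons.append("auth-constraint names roles, so those users can request JSPs directly")
            elif _kids(wrc, "http-method") or _kids(wrc, "http-method-omission"):
                reasons.append("deny applies to some HTTP methods only")
            else:
                return True, []  # empty auth-constraint, all methods: nobody gets in
    return False, reasons or ["no security-constraint covers " + pattern]

# Constructed sample descriptors (not taken from any real application).
HARDENED = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>jsps</web-resource-name>
      <url-pattern>*.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
</web-app>"""

# Same constraint, but limited to GET: other methods are left uncovered.
GET_ONLY = HARDENED.replace("</url-pattern>",
                            "</url-pattern>\n      <http-method>GET</http-method>")
UNPROTECTED = "<web-app><display-name>demo</display-name></web-app>"

if __name__ == "__main__":
    for name, doc in [("hardened", HARDENED), ("get-only", GET_ONLY),
                      ("unprotected", UNPROTECTED)]:
        print(name, jsp_direct_access_blocked(doc))
```

The deny rule applies only to requests that arrive from outside the container; a Struts action forwarding to the JSP internally is not subject to the constraint.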

