Are you using Hibernate? You can use a "filter" in Hibernate (http://www.hibernate.org/hib_docs/v3/reference/en/html/filters.html) to filter out the "illegal" objects from the query results.
-----Original Message-----
From: Andreas Bulling [mailto:[EMAIL PROTECTED] On Behalf Of Andreas Bulling
Sent: Sunday, April 09, 2006 11:22 AM
To: Tapestry users
Subject: Re: Best practice: Security Layer

First, thanks to all of you for your answers! But as it seems that I wasn't able to properly explain what I had in mind/what my problem is, I will try again. ;)

I didn't think of authentication (I also solved this using a pageValidate() method) but of a security layer for database accesses. Say for example a user selects a record from a list of records by clicking on a link with the record's id as a GET-parameter. What if the user forks this GET parameter and is now able to select any record he normally isn't allowed to see?

I would like to insert a layer which (in the best case automatically) checks these attacks (for example by looking at the database and checking that the user is related to the record by a foreign key relation). How to do this?

Kind regards,
Andreas

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
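
An added example, not part of the original thread, showing the Hibernate filter suggested in the reply applied to the record-by-id case from the question. Filters are applied to HQL/Criteria queries and collection loads but not to `session.get()`/`session.load()`, so the lookup by id is written as a query. The entity `CustomerRecord`, the column `owner_id`, the filter name `ownedByUser` and the class `RecordDao` are hypothetical, and the annotations assume Hibernate 3.x to 5.x with JPA annotations.

```java
import java.util.List;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Id;
import org.hibernate.Session;
import org.hibernate.annotations.Filter;
import org.hibernate.annotations.FilterDef;
import org.hibernate.annotations.ParamDef;

// Hypothetical entity: each row belongs to one user through the owner_id foreign key.
@Entity
@FilterDef(name = "ownedByUser",
           parameters = @ParamDef(name = "userId", type = "long"))
@Filter(name = "ownedByUser", condition = "owner_id = :userId")
class CustomerRecord {
    @Id Long id;
    @Column(name = "owner_id") Long ownerId;
    String title;
}

// Hypothetical data-access class, created once per request with the
// id of the already authenticated user (never a value from the request).
class RecordDao {
    private final Session session;

    RecordDao(Session session, long authenticatedUserId) {
        this.session = session;
        // From here on, every query on CustomerRecord in this session
        // gets "owner_id = ?" appended to its WHERE clause.
        session.enableFilter("ownedByUser")
               .setParameter("userId", authenticatedUserId);
    }

    // The list page: only the current user's records come back.
    @SuppressWarnings("unchecked")
    List<CustomerRecord> listVisible() {
        return session.createQuery("from CustomerRecord").list();
    }

    // The detail page: idFromRequest is the GET parameter.
    // session.get(CustomerRecord.class, id) would bypass the filter,
    // so the lookup is a query. A record owned by someone else yields null,
    // which the page should treat the same as "not found".
    CustomerRecord findVisible(long idFromRequest) {
        return (CustomerRecord) session
            .createQuery("from CustomerRecord r where r.id = :id")
            .setParameter("id", idFromRequest)
            .uniqueResult();
    }
}
```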