On Wed, 31 May 2000, you wrote:
> Hi,
> 
> I was just thinking (I know, always dangerous...)
> 
> Given the nature of a call to the Turbine servlet, someone could mix and match the
> action screen calls maliciously - .../action/ResetDB/screen/HomePage

This is why you can also check security in the Action
(see the scheduler stuff).

But let's say they did have the proper permission and were malicious
(then you'd know who they are when they log in).  They would
also have to pass the correct parameters to the Action etc... In other
words, they would need to understand _how_ your application was
working.  This is security through obscurity but it's still a speedbump.

Nothing can be made completely secure.  But I think Turbine does a good
job making it easy for a developer to make the app as secure as
possible. 

 -- 
dave
[EMAIL PROTECTED]
----------------------
Just your average Joe armed with an Emacs editor.
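
The point above about checking security in the Action itself, sketched as an added example (not part of the original message and not Turbine's own code): the action and the screen named in the path are authorized independently, and anything not listed is denied. The class, method and permission names, and every module name other than ResetDB and HomePage, are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Added illustration; not Turbine code. All names here are hypothetical.
public class ActionScreenCheck {
    // Permission required by each module; a module that is not listed is denied.
    static final Map<String, String> ACTION_PERMS =
            Map.of("ResetDB", "db_admin", "UpdateProfile", "user");
    static final Map<String, String> SCREEN_PERMS =
            Map.of("HomePage", "user", "AdminPanel", "db_admin");

    // Split path info of the form /key/value/key/value into pairs.
    static Map<String, String> parse(String pathInfo) {
        Map<String, String> out = new HashMap<>();
        String[] parts = pathInfo.replaceAll("^/+", "").split("/");
        for (int i = 0; i + 1 < parts.length; i += 2) {
            out.put(parts[i], parts[i + 1]);
        }
        return out;
    }

    // A module that was not requested needs no check; an unknown one is refused.
    static boolean allowed(Map<String, String> table, String module, Set<String> userPerms) {
        if (module == null) return true;
        String required = table.get(module);
        return required != null && userPerms.contains(required);
    }

    // The action is checked on its own, whatever screen it is paired with.
    static String dispatch(String pathInfo, Set<String> userPerms) {
        Map<String, String> req = parse(pathInfo);
        String action = req.get("action");
        String screen = req.get("screen");
        if (!allowed(ACTION_PERMS, action, userPerms)) return "DENY action " + action;
        if (!allowed(SCREEN_PERMS, screen, userPerms)) return "DENY screen " + screen;
        return "RUN action=" + action + " screen=" + screen;
    }

    public static void main(String[] args) {
        Set<String> user = Set.of("user");               // constructed sample users
        Set<String> admin = Set.of("user", "db_admin");
        // Mixed pair from the message: harmless screen, privileged action.
        System.out.println(dispatch("/action/ResetDB/screen/HomePage", user));
        System.out.println(dispatch("/action/ResetDB/screen/HomePage", admin));
        System.out.println(dispatch("/action/DropAll/screen/HomePage", admin));
        System.out.println(dispatch("/screen/HomePage", user));
    }
}
```

Because the check is keyed on the action name alone, pairing a privileged action with a screen the user is allowed to see does not change the outcome.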

