> Hide the links. This way, you won't let him lose time trying to access things
> he can't and his view of the interface will be more clear.
>
But that won't do good, if for clever people, who would play with the URLs with their limited access rights and access what is not meant for them. Probably encoding URLs could do some help in that way.

In this mailing list, often people post doubts related to general architecture and practices. However the list is too good to answer almost all of them, but still people would like to know where they can have a mailing list to know the "Best Practices" as such. Can anyone help out here!!?

Thanks
Thomas Joseph

> On 1/11/06, Rivka Shisman <[EMAIL PROTECTED]> wrote:
> >
> > Hi everyone,
> >
> > We have a web application running on WebSphere Application Server V6.
> > Say I have a JSP page that enables working on Student details.
> > This JSP page enables users to view, insert, update or delete student
> > records.
> > Now, some users can only use the 'View' link, others can also use
> > 'Insert' link, and some other users can only update.
> >
> > From what I know, I can hold a DB table that indicates for each user and
> > table - which operations are allowed.
> > But, my question is - what is the right way to do that on the JSP page?
> > Do I call this security table on each page load and hide the
> > unauthorized links? Or, do I always show all the links and just let the
> > database throw an exception and give a message to the user, when he/she
> > presses an unauthorized link? Or is there a third and better way?
> >
> > Thanks
> > Rivka
> >
>
> --
> Letícia Álvares Barbalho
> [EMAIL PROTECTED]
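
The two options discussed in this thread (hide unauthorized links, or reject the operation when it is attempted) can share one permission check, so that a hidden link requested by editing the URL is still refused on the server. The sketch below is an added example, not code from any poster in the thread; the class name, user names, the `/student?op=` URL form and the in-memory map standing in for the permission table are all assumptions made for illustration.

```java
import java.util.*;

public class StudentAccessDemo {
    enum Op { VIEW, INSERT, UPDATE, DELETE }

    // Constructed stand-in for the per-user permission table on the Student records.
    static final Map<String, Set<Op>> STUDENT_PERMS = Map.of(
        "alice", EnumSet.of(Op.VIEW),
        "bob",   EnumSet.of(Op.VIEW, Op.INSERT),
        "carol", EnumSet.of(Op.VIEW, Op.UPDATE));

    // Single decision point; unknown or missing users get nothing (deny by default).
    static boolean isAllowed(String user, Op op) {
        return user != null
            && STUDENT_PERMS.getOrDefault(user, EnumSet.noneOf(Op.class)).contains(op);
    }

    // Presentation: the links a JSP would render. A convenience, not a control.
    static List<String> visibleLinks(String user) {
        List<String> links = new ArrayList<>();
        for (Op op : Op.values())
            if (isAllowed(user, op)) links.add("/student?op=" + op.name().toLowerCase(Locale.ROOT));
        return links;
    }

    // Enforcement: runs on every request, whatever links the page showed.
    // Returns an HTTP-style status code (hypothetical mapping for this sketch).
    static int handle(String user, String opParam) {
        Op op;
        try {
            op = Op.valueOf(opParam.toUpperCase(Locale.ROOT));
        } catch (IllegalArgumentException | NullPointerException e) {
            return 400; // unknown or missing operation name
        }
        if (!isAllowed(user, op)) return 403; // link was hidden, URL was typed by hand
        return 200; // the real handler would perform the operation here
    }

    public static void main(String[] args) {
        System.out.println("alice sees:      " + visibleLinks("alice"));
        System.out.println("alice view:      " + handle("alice", "view"));
        System.out.println("alice delete:    " + handle("alice", "delete"));
        System.out.println("unknown user:    " + handle("mallory", "view"));
        System.out.println("bad op name:     " + handle("bob", "drop"));
    }
}
```

In a servlet container the `handle` check would sit in a filter or in the action that performs the operation; it is plain Java here so it runs with `java StudentAccessDemo.java` and no application server.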