Well, of course each action should have its own access control.
I meant: hide the links and control through the actions, so no one will
access them with a direct link.

On 1/11/06, Thomas Joseph <[EMAIL PROTECTED]> wrote:
>
> > Hide the links. This way, you won't let him lose time trying to access things
> > he can't and his view of the interface will be more clear.
> >
> But that won't do any good for clever people, who would play with the URLs
> with their limited access rights and access what is not meant for them.
> Probably encoding URLs could be of some help in that way.
>
> In this mailing list, people often post doubts related to general
> architecture and practices. However the list is too good to answer almost
> all of them, but still people would like to know where they can have a
> mailing list to know the "Best Practices" as such. Can anyone help out
> here!!?
>
> Thanks
>
> Thomas Joseph
>
> > On 1/11/06, Rivka Shisman <[EMAIL PROTECTED]> wrote:
> > >
> > > Hi everyone,
> > >
> > > We have a web application running on Websphere Application Server V6.
> > > Say I have a JSP page that enables working on Student details.
> > > This JSP page enables users to view, insert, update or delete student
> > > records.
> > > Now, some users can only use the 'View' link, others can also use
> > > 'Insert' link, and some other users can only update.
> > >
> > > From what I know, I can hold a DB table that indicates for each user and
> > > table - which operations are allowed.
> > > But, my question is - what is the right way to do that on the JSP page?
> > > Do I call this security table on each page load and hide the
> > > unauthorized links? Or, do I always show all the links and just let the
> > > database throw an exception and give a message to the user, when he/she
> > > presses an unauthorized link? Or is there a third and better way?
> > >
> > > Thanks
> > > Rivka
> > >
> > >
>
>
> --
> Letícia Álvares Barbalho
> [EMAIL PROTECTED]


--
Letícia Álvares Barbalho
[EMAIL PROTECTED]
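
The approach discussed in this thread, as an added example that is not part of the original messages: one permission lookup drives both which links the page shows and the check each action performs, so a request made by editing the URL is refused even though its link was hidden. The class, user and operation names are hypothetical, and the in-memory map is a constructed stand-in for the DB table mentioned in the question.

```java
import java.util.*;

// Added illustration (Java 9+); all names here are hypothetical.
public class StudentAccessDemo {
    enum Op { VIEW, INSERT, UPDATE, DELETE }

    // Constructed stand-in for the DB table of allowed operations per user.
    static final Map<String, Set<Op>> PERMISSIONS = Map.of(
        "alice", EnumSet.of(Op.VIEW),
        "bob",   EnumSet.of(Op.VIEW, Op.INSERT),
        "carol", EnumSet.of(Op.UPDATE));

    static boolean isAllowed(String user, Op op) {
        // Users missing from the table get an empty set: deny by default.
        return PERMISSIONS.getOrDefault(user, EnumSet.noneOf(Op.class)).contains(op);
    }

    // View side: the page renders only the links the user may use.
    static List<Op> visibleLinks(String user) {
        List<Op> links = new ArrayList<>();
        for (Op op : Op.values()) {
            if (isAllowed(user, op)) links.add(op);
        }
        return links;
    }

    // Action side: every request is checked again, because a hidden link
    // can still be requested by typing or editing the URL.
    static String handle(String user, String requestedOp) {
        Op op;
        try {
            op = Op.valueOf(String.valueOf(requestedOp).toUpperCase(Locale.ROOT));
        } catch (IllegalArgumentException e) {
            return "400 unknown operation";
        }
        if (!isAllowed(user, op)) {
            return "403 forbidden"; // refused before any database work is done
        }
        return "200 " + op + " executed for " + user;
    }

    public static void main(String[] args) {
        System.out.println(visibleLinks("alice"));       // links rendered for alice
        System.out.println(handle("alice", "view"));     // linked and permitted
        System.out.println(handle("alice", "delete"));   // direct URL, link was hidden
        System.out.println(handle("mallory", "update")); // user not in the table
    }
}
```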
