Ditto on Spring Security, very nice for URL auth.

-----Original Message-----
From: Dale Newfield [mailto:d...@newfield.org] 
Sent: Saturday, August 08, 2009 12:02 PM
To: Struts Users Mailing List
Subject: Re: Struts - Security

Kamlesh Koringa wrote:
> - URL encryption (no one can modify generated URL).

Impossible.  You cannot prevent people from requesting URLs your system 
does not present to them.  You should assume that any parameter that you 
accept from a user can be manipulated at will by that user.  You can 
jump through hoops to make valid alternate values difficult to guess, 
but that's it.  You should always check the inputs and make sure that 
the requested action is a valid one for that user before allowing the 
requested action to continue.

> - URL authorization.

"Spring Security", formerly known as Acegi.

-Dale

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
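
Added example, not part of the original thread: a sketch of the point made in the quoted reply above. Signing a URL parameter only makes other values hard to forge, so the per-user authorization check must still run on every request. The class, key, users, and order ids are constructed for illustration; assumes Java 17.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HexFormat;
import java.util.Map;
import java.util.Set;

public class UrlAuthzDemo {
    // Constructed sample data: which session user owns which order id.
    static final Map<String, Set<String>> ORDERS_BY_USER =
        Map.of("alice", Set.of("1001"), "bob", Set.of("1002"));
    // Constructed demo key; a real key would come from protected configuration.
    static final byte[] KEY = "demo-key-only".getBytes(StandardCharsets.UTF_8);

    // The "hoop": an HMAC tag appended to the URL so other ids are hard to forge.
    static String sign(String orderId) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return HexFormat.of().formatHex(mac.doFinal(orderId.getBytes(StandardCharsets.UTF_8)));
    }

    // Constant-time comparison of the presented tag with the expected one.
    static boolean tagValid(String orderId, String tag) throws Exception {
        return MessageDigest.isEqual(sign(orderId).getBytes(StandardCharsets.UTF_8),
                                     tag.getBytes(StandardCharsets.UTF_8));
    }

    // The check that cannot be skipped: is this action valid for THIS user?
    static boolean mayView(String sessionUser, String orderId) {
        return ORDERS_BY_USER.getOrDefault(sessionUser, Set.of()).contains(orderId);
    }

    // Request handler: the user comes from the server-side session, never from the URL.
    static String handle(String sessionUser, String orderId, String tag) throws Exception {
        if (!tagValid(orderId, tag)) return "400 bad tag";
        if (!mayView(sessionUser, orderId)) return "403 forbidden";
        return "200 order " + orderId;
    }

    public static void main(String[] args) throws Exception {
        String tag1001 = sign("1001");
        System.out.println(handle("alice", "1001", tag1001)); // alice's own signed URL
        System.out.println(handle("alice", "1002", tag1001)); // id edited, tag no longer matches
        // A genuine signed URL requested from another session: the tag is valid,
        // so only the per-user check rejects it.
        System.out.println(handle("bob", "1001", tag1001));
    }
}
```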

