On 6/2/10 11:22 PM, Stephane Cosmeur wrote:
I would like to improve the security of my web application. My problem is I
would like to encrypt the visible parameters in the URL to prevent the user from
changing it to access data he should not see.

No amount of obfuscation can prevent someone from eventually guessing other valid parameters, or getting URLs from other sources, etc. If you want the data to be secure, obfuscation won't do it. When those actions are doing the lookups, they should take the current user into account, only allowing appropriate users to access any given model object.

-Dale
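
One way to implement the per-user lookup described in the reply above, as an added example that is not part of the original thread and is not Struts code: plain Java shaped like an action's `execute()`. The names `Invoice`, `STORE`, `findForUser` and the result strings are hypothetical, and the sample data is constructed.

```java
import java.util.Map;
import java.util.Optional;

// Added example: all names here are hypothetical, not from the thread.
public class OwnershipCheckDemo {

    // Model object that records which user owns it.
    record Invoice(long id, String ownerId, String body) {}

    // Constructed sample data standing in for the database.
    static final Map<Long, Invoice> STORE = Map.of(
        1L, new Invoice(1L, "alice", "Invoice for Alice"),
        2L, new Invoice(2L, "bob", "Invoice for Bob"));

    // Lookup scoped to the caller: a record owned by someone else is
    // treated exactly like a record that does not exist.
    static Optional<Invoice> findForUser(long id, String currentUser) {
        return Optional.ofNullable(STORE.get(id))
                .filter(inv -> inv.ownerId().equals(currentUser));
    }

    // Shaped like an action: idParam comes from the URL and is untrusted;
    // currentUser comes from the server-side session, never from the request.
    static String execute(String idParam, String currentUser) {
        if (currentUser == null) {
            return "login";
        }
        long id;
        try {
            id = Long.parseLong(idParam);
        } catch (NumberFormatException e) {
            return "notfound";
        }
        return findForUser(id, currentUser).isPresent() ? "success" : "notfound";
    }

    public static void main(String[] args) {
        System.out.println(execute("1", "alice"));   // caller's own record
        System.out.println(execute("2", "alice"));   // id edited in the URL to another user's record
        System.out.println(execute("abc", "alice")); // malformed id
        System.out.println(execute("1", null));      // no authenticated session
    }
}
```

Returning the same result for "not yours" and "does not exist" keeps the response from confirming which ids are valid.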
