WebApp Sec mailing list archives
Re: JSP Security - Limiting URL's
From: Jeremy Poteet <jpoteet () tech-partners com>
Date: Tue, 10 Dec 2002 08:42:40 -0600
While I agree with the basic concept, most of the systems I see don't require this across the entire system, but have discrete areas where the order of pages is important. For example, signing up for an account takes three steps or buying a product is a four step process.

The concept we discuss with our customers is that of a "bookmarkable URL". If a user should be able to bookmark a page and go directly to it, then make it a new JSP/ASP/Servlet/etc. On the other hand, if it is a step in a process, such as it doesn't make sense to jump directly to the confirmation page, then those steps should be encapsulated behind a single page.

So, while I agree with the concept, I would suggest it be used where appropriate rather than blindly used for all cases.

Jeremy Poteet
Chief Technology Officer
Technology Partners, Inc.
1-877-636-1331 x105 (toll free)
636-519-1221 x105
http://www.tech-partners.com

On 12/9/02 4:42 PM, "securityarchitect () hush com" <securityarchitect () hush com> wrote:
http://www.onjava.com/pub/a/onjava/2001/06/27/java_security.html

Can anyone see a downside to this?
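
Added example, not part of the original message or thread: one way to put the steps of a process behind a single entry point, as the reply above suggests, so the page shown is decided by server-side session state rather than by which URL or page name the client asks for. The step names, the `checkout.step` key, the `stepValid` flag and the `Map` standing in for `HttpSession` attributes are all assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Single controller for a four-step purchase. The client can only say
// "next" or "back"; it never names the page it wants to see.
public class CheckoutFlow {
    // Hypothetical step names; the original post names no specific pages.
    static final List<String> STEPS =
            List.of("cart", "shipping", "payment", "confirmation");
    static final String KEY = "checkout.step"; // hypothetical session key

    // 'session' stands in for HttpSession attributes so this runs offline.
    // 'stepValid' is the result of server-side validation of the data
    // submitted for the current step.
    static String handle(Map<String, Object> session, String action, boolean stepValid) {
        int step = (Integer) session.getOrDefault(KEY, 0);
        int last = STEPS.size() - 1;
        if ("next".equals(action) && stepValid && step < last) {
            step++;                       // advance exactly one step
        } else if ("back".equals(action) && step > 0 && step < last) {
            step--;                       // no going back after confirmation
        }
        // Any other action, including a page name, just redisplays
        // the step the session is already on.
        session.put(KEY, step);
        return STEPS.get(step);
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();
        // Fresh session asking for the confirmation page directly.
        System.out.println(handle(session, "confirmation", true));
        // Normal progression, with one failed validation in the middle.
        System.out.println(handle(session, "next", true));
        System.out.println(handle(session, "next", false));
        System.out.println(handle(session, "next", true));
        System.out.println(handle(session, "next", true));
        // Attempt to step back after the order is confirmed.
        System.out.println(handle(session, "back", true));
    }
}
```

In a real servlet the returned name would select the view to forward to, with the individual step views kept where they cannot be requested directly.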