WebApp Sec mailing list archives

Re: JSP Security - Limiting URL's


From: Jeremy Poteet <jpoteet () tech-partners com>
Date: Tue, 10 Dec 2002 08:42:40 -0600

While I agree with the basic concept, most of the systems I see don't
require this across the entire system, but have discrete areas where the
order of pages is important.  For example, signing up for an account takes
three steps or buying a product is a four step process.

The concept we discuss with our customers is that of a "bookmarkable URL".
If a user should be able to bookmark a page and go directly to it, then make
it a new JSP/ASP/Servlet/etc.  On the other hand, if it is a step in a
process, such as it doesn't make sense to jump directly to the confirmation
page, then those steps should be encapsulated behind a single page.

So, while I agree with the concept, I would suggest it be used where
appropriate rather than blindly used for all cases.


Jeremy Poteet
Chief Technology Officer
Technology Partners, Inc.
1-877-636-1331 x105 (toll free)
636-519-1221 x105
http://www.tech-partners.com
  



On 12/9/02 4:42 PM, "securityarchitect () hush com"
<securityarchitect () hush com> wrote:


http://www.onjava.com/pub/a/onjava/2001/06/27/java_security.html

Can anyone see a downside to this ?
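
The "single page" approach from the reply above, as an added example (not code from this thread or the linked article): one entry point serves a four-step purchase, and the step lives in the session rather than in the URL. The step names, the session key, and the use of a plain Map in place of HttpSession are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/** Single entry point for a four-step purchase; the session, not the URL, decides the step. */
public class PurchaseFlow {
    // Hypothetical step names; each is a view rendered by the same controller.
    static final List<String> STEPS = List.of("cart", "shipping", "payment", "confirm");
    static final String KEY = "purchase.step";   // hypothetical session attribute name

    /**
     * Models one request to the single URL. `session` stands in for HttpSession;
     * `submitted` is the step name carried in the posted form (null on a plain visit).
     * Returns the name of the view to render.
     */
    static String handle(Map<String, Object> session, String submitted, boolean formValid) {
        int current = (Integer) session.getOrDefault(KEY, 0);
        // A form for any step other than the one the server expects is ignored:
        // the user is shown the step they are actually on.
        if (submitted == null || !submitted.equals(STEPS.get(current))) {
            return STEPS.get(current);
        }
        // Advance only when the expected step was submitted and passed validation.
        if (formValid && current < STEPS.size() - 1) {
            current++;
            session.put(KEY, current);
        }
        return STEPS.get(current);
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();
        // Constructed request sequence: {submitted step, form passed validation}
        Object[][] requests = {
            {null, false},        // first visit
            {"confirm", true},    // attempt to jump straight to the last step
            {"cart", true},
            {"payment", true},    // skips shipping
            {"shipping", true},
            {"payment", false},   // validation failure keeps the user in place
            {"payment", true},
        };
        for (Object[] r : requests) {
            String view = handle(session, (String) r[0], (Boolean) r[1]);
            System.out.println("submitted=" + r[0] + " valid=" + r[1] + " -> render " + view);
        }
    }
}
```

Because the confirmation view has no URL of its own, there is nothing to bookmark or request out of order; pages that should be bookmarkable stay as separate resources outside this controller.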




