
database keys in JSP form

 
Matt Kim
Greenhorn
Hello all,
I'm fairly new to JSPs. A thought crossed my mind while developing a web/db app.
If I have database keys in a JSP post form, couldn't someone manipulate this value and alter records that they shouldn't be able to? If so, what would be a safer solution? Should the keys be stored in the session and accessed behind the scenes?
Regards,
Matt
 
Bear Bibeault
Author and ninkuma
Marshal
It was a good thought.
You should never trust any information coming from the client. Your business logic should always check that an operation is "legal" prior to executing it.
If your system has a user login, you can associate permissions or roles with the users to determine what they should and should not be able to do, along with any other security checks that make sense.
[ May 03, 2004: Message edited by: Bear Bibeault ]
 
Bear Bibeault
Author and ninkuma
Marshal
I also encrypt any database keys sent to/from the client.
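
The server-side "is this operation legal" check described in the replies above, as an added example that is not part of the original posts. The class, the `Row` type, the in-memory `TABLE` and the user names are hypothetical stand-ins for the real database and login session.

```java
import java.util.HashMap;
import java.util.Map;

public class RecordUpdateCheck {
    // Constructed sample table: primary key -> row.
    // The owner is read from the database, never from the form.
    record Row(String ownerId, String text) {}
    static final Map<Long, Row> TABLE = new HashMap<>();

    /**
     * sessionUserId: identity the server stored in the session at login.
     * submittedKey:  raw value of the form field, fully client-controlled.
     * Returns true only if the row exists and belongs to the session user.
     */
    static boolean updateRow(String sessionUserId, String submittedKey, String newText) {
        if (sessionUserId == null) {
            return false;                           // no authenticated user
        }
        long key;
        try {
            key = Long.parseLong(submittedKey);     // also rejects a missing field
        } catch (NumberFormatException e) {
            return false;
        }
        Row row = TABLE.get(key);
        // Same refusal for "no such row" and "not your row", so the
        // response does not reveal which keys exist.
        if (row == null || !row.ownerId().equals(sessionUserId)) {
            return false;
        }
        TABLE.put(key, new Row(row.ownerId(), newText));
        return true;
    }

    public static void main(String[] args) {
        TABLE.put(1L, new Row("alice", "alice's note"));
        TABLE.put(2L, new Row("bob", "bob's note"));
        // alice submits the form with her own key
        System.out.println(updateRow("alice", "1", "edited by alice"));
        // alice changes the key in the form to bob's row
        System.out.println(updateRow("alice", "2", "edited by alice"));
        // key field replaced with a non-numeric value
        System.out.println(updateRow("alice", "not-a-number", "x"));
        // bob's row is unchanged after the refused requests
        System.out.println(TABLE.get(2L).text());
    }
}
```

With JDBC the same rule can live in the statement itself, for example a parameterized `UPDATE ... WHERE id = ? AND owner_id = ?` (column names assumed), treating an update count of 0 as a refusal.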
 