
S2: security, how to enforce authorization --user change url data

 
Say I have a list of items and each item has a link (URL).

Example:


Question: What will be the best way to secure this action (editAccount) if the user is not authorized to access this account (ID 74881)? (Obviously, the user can change the URL and type the ID there.)

One thing that came to mind is to use an interceptor and check if the user has permission to access this account.

So if an interceptor is the right solution, how would one design it?
There could be other 'resources', e.g. account, user, department, request, etc.

Thanks for any thoughts
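
One way to structure the check the post asks about, as an added example that is not part of the original post: a deny-by-default authorizer keyed by resource type, which an interceptor would call with the session's user and the ID taken from the request before the action runs. The class, interface and sample data are hypothetical, and the Struts 2 interceptor wiring itself is not shown.

```java
import java.util.Map;
import java.util.Set;

// Added example (Java 9+). ResourceAuthorizer, AccessPolicy and the sample
// data are hypothetical names, not part of Struts 2 or the original post.
public class ResourceAuthorizer {

    /** One policy per resource type: may this user touch this resource id? */
    interface AccessPolicy {
        boolean canAccess(String userId, long resourceId);
    }

    private final Map<String, AccessPolicy> policies;

    ResourceAuthorizer(Map<String, AccessPolicy> policies) {
        this.policies = policies;
    }

    /** Deny by default: no user, unknown resource type or malformed id all fail. */
    boolean isAllowed(String userId, String resourceType, String rawId) {
        if (userId == null || resourceType == null || rawId == null) {
            return false;
        }
        AccessPolicy policy = policies.get(resourceType);
        if (policy == null) {
            return false; // no policy registered for this resource type
        }
        try {
            return policy.canAccess(userId, Long.parseLong(rawId.trim()));
        } catch (NumberFormatException e) {
            return false; // the id in the URL is user-controlled input
        }
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for a database ownership lookup.
        Map<String, Set<Long>> accountsByUser = Map.of(
                "alice", Set.of(74881L),
                "bob", Set.of(10002L));

        ResourceAuthorizer authorizer = new ResourceAuthorizer(Map.of(
                "account", (user, id) -> accountsByUser.getOrDefault(user, Set.of()).contains(id)));

        // userId comes from the server-side session, never from the request.
        System.out.println(authorizer.isAllowed("alice", "account", "74881"));
        System.out.println(authorizer.isAllowed("bob", "account", "74881"));
        System.out.println(authorizer.isAllowed("bob", "department", "1"));
        System.out.println(authorizer.isAllowed("bob", "account", "74881x"));
    }
}
```

Supporting another resource such as user, department or request means registering one more policy; any type without a registered policy is refused.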
 