
User scoped data access security.

 
Greenhorn
Posts: 6
Hi guys,

In the last few days my boss has been discussing with a couple of colleagues how to prevent user manipulation of web pages to access other users' data. For example:

I work for an insurance company, and some users have access to some of our clients' policies through a page which shows a link with the policy number to view the details of each one of them. What the big bosses here want is to get rid of the possibility of users modifying these links (with Firebug, for example) with policies that are not associated with them.

I remember that a few years ago, in another company, we had a similar problem and we handled it by just building an array on the server side with all the data the user had access to on that page, so we could check the requests against this array. It worked.


I want to know if there is any framework, like Spring for example, which allows implementing features like this in a more standard way.

Sorry about my bad English. I hope I explained myself well.
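
The server-side check described in the post, as an added example in plain Java that is not part of the original post and not code from any framework. It goes one step beyond the post by putting random per-session tokens in the links in place of policy numbers; `PolicyLinkDemo`, `SessionLinks`, `POLICIES_BY_USER` and the policy numbers are hypothetical names and constructed data.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;

public class PolicyLinkDemo {
    /** Stand-in for the user-to-policy association table (constructed data). */
    static final Map<String, Set<String>> POLICIES_BY_USER = Map.of(
            "alice", Set.of("P-1001", "P-1002"),
            "bob", Set.of("P-2001"));
    /** Kept in the server-side session of one logged-in user (hypothetical class). */
    static class SessionLinks {
        private final String userId; // set at login, never read from the request
        private final Map<String, String> tokenToPolicy = new HashMap<>();
        private final SecureRandom random = new SecureRandom();
        SessionLinks(String userId) { this.userId = Objects.requireNonNull(userId); }

        /** Called while rendering the list page; returns the token to put in the link. */
        String linkFor(String policyNumber) {
            if (!isAssociated(policyNumber)) throw new IllegalArgumentException("not associated");
            byte[] raw = new byte[16];
            random.nextBytes(raw);
            String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            tokenToPolicy.put(token, policyNumber);
            return token;
        }

        /** Called on the detail request; the token is untrusted input. */
        Optional<String> resolve(String token) {
            String policy = tokenToPolicy.get(token); // unknown or edited token gives null
            // Re-check the association so a revoked policy stops resolving mid-session.
            return isAssociated(policy) ? Optional.of(policy) : Optional.empty();
        }
        private boolean isAssociated(String policyNumber) {
            return policyNumber != null
                    && POLICIES_BY_USER.getOrDefault(userId, Set.of()).contains(policyNumber);
        }
    }

    public static void main(String[] args) {
        SessionLinks alice = new SessionLinks("alice");
        String token = alice.linkFor("P-1001");
        System.out.println(alice.resolve(token).isPresent());     // token issued to this session
        System.out.println(alice.resolve("P-2001").isPresent());  // link edited to another policy number
        System.out.println(new SessionLinks("bob").resolve(token).isPresent()); // token replayed in another session
    }
}
```

An unknown token and a policy the user is no longer associated with produce the same empty result, so the response does not reveal which policy numbers exist.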

 