Posted to user@struts.apache.org by "Zhang, Larry (L.)" <lz...@ford.com> on 2004/06/08 21:14:36 UTC

design security issue

I have a web application on which the manager can view his manage tree and select his employee for transactions (such as Performance Rating, putting on Leave of absence). Definitely it is very vital in this case to keep the security or make sure data for one employee is not submitted for another employee. Another thought is that if the user comes to a page via a bookmark or comes to the page without visiting the previous page, we should catch this event and disallow the further action. I need to come up with some design solutions so that this security is handled elegantly. Any ideas? If you know some sites discussing this, please let me know.

Thanks.

Larry Zhang
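
The two requirements in the message above (a submitted employee must belong to the submitting manager's tree, and a submit that did not come from the preceding page must be refused) can be sketched as follows. This is an added example, not part of the original post and not Struts code. The class `ManagerActionGuard`, its methods, and the ids are hypothetical, and it assumes the manager's identity is taken from the authenticated session.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration; all class, method and id names are hypothetical.
public class ManagerActionGuard {
    private final Map<String, String> managerOf = new HashMap<>();              // employee -> direct manager
    private final Map<String, String> pendingToken = new ConcurrentHashMap<>(); // session -> token
    private final SecureRandom rng = new SecureRandom();

    void addReport(String employee, String manager) { managerOf.put(employee, manager); }

    // True only if 'employee' sits somewhere below 'manager' in the reporting tree.
    boolean isInTree(String manager, String employee) {
        Set<String> seen = new HashSet<>();   // stops the walk if the data has a cycle
        String cur = managerOf.get(employee);
        while (cur != null && seen.add(cur)) {
            if (cur.equals(manager)) return true;
            cur = managerOf.get(cur);
        }
        return false;
    }
    // Called when the employee-selection page is rendered for this session.
    String issueToken(String sessionId) {
        byte[] b = new byte[16];
        rng.nextBytes(b);
        String t = Base64.getUrlEncoder().withoutPadding().encodeToString(b);
        pendingToken.put(sessionId, t);
        return t;
    }
    // Called on submit. The manager id comes from the authenticated session, never the form.
    boolean authorize(String sessionId, String sessionManager, String token, String employee) {
        String expected = pendingToken.remove(sessionId);    // single use, consumed even on failure
        if (expected == null || token == null) return false; // bookmark, replay, or skipped page
        if (!MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                   token.getBytes(StandardCharsets.UTF_8))) return false;
        return isInTree(sessionManager, employee);           // re-check the target server side
    }
    public static void main(String[] args) {
        ManagerActionGuard g = new ManagerActionGuard();
        g.addReport("emp-1", "mgr-A");   // constructed sample data
        g.addReport("emp-2", "mgr-B");
        String t = g.issueToken("sess-1");
        System.out.println("own employee, fresh token: " + g.authorize("sess-1", "mgr-A", t, "emp-1"));
        System.out.println("same token replayed:       " + g.authorize("sess-1", "mgr-A", t, "emp-1"));
        String t2 = g.issueToken("sess-1");
        System.out.println("other manager's employee:  " + g.authorize("sess-1", "mgr-A", t2, "emp-2"));
    }
}
```

In a Struts 1 `Action`, the framework's own `saveToken(request)` and `isTokenValid(request, true)` cover the token half; the tree check still has to be done by the application on every submit.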
