Posted to user@struts.apache.org by Dan Allen <da...@gmail.com> on 2004/08/24 16:59:22 UTC

preventing direct access to action

Normally we talk about preventing direct access to a JSP, but, in
contrast, I have a question regarding direct access to an action.
Consider the following scenario:

A portal application hosts several portlet modules.  Each of the
modules is passed certain parameters from the portal when the user
selects that module.  Some of these parameters determine the security
restrictions of the user (such as what components are visible to the
user).  However, if the user changes one of these GET parameters, the
user could exploit greater access.  Up to this point, a servlet filter
was checking that the "referer" field was non-null.  I know that this
form of security is highly discouraged (as it can be faked).  How can
one be sure that the information passed from page to page can be
trusted?

My guess is that the advice given is that the parameter must be
validated against the database for the current user, not just trusted.
In this case, the referer field is irrelevant.

Dan

-- 
Open Source Advocacy
http://www.mojavelinux.com
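The server-side check Dan describes, as an added example that is not part of the original post or any real project: a hypothetical Struts 1 action that takes the portal's "component" GET parameter but only honours it after comparing it with the set of components the authenticated user is entitled to (the `ComponentAuthorizer` lookup and the "denied"/"success" forwards are assumed names).

```java
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

// Hypothetical Struts 1 action for a portlet module (illustrative, not from the post).
// The portal still passes "component" as a GET parameter, but the value is used only
// after it is checked against what the server already knows the current user may see.
public class PortletComponentAction extends Action {

    // Hypothetical lookup of the user's permitted components, e.g. backed by the database.
    public interface ComponentAuthorizer {
        Set<String> allowedComponents(String userId);
    }

    private final ComponentAuthorizer authorizer;

    public PortletComponentAction(ComponentAuthorizer authorizer) {
        this.authorizer = authorizer;
    }

    // Returns the requested component if the user is entitled to it, otherwise null.
    // userId comes from the authenticated session, never from a request parameter,
    // so rewriting the GET parameter cannot widen access.
    public String resolveComponent(String userId, String requested) {
        if (userId == null || requested == null) {
            return null;
        }
        Set<String> allowed = authorizer.allowedComponents(userId);
        return allowed.contains(requested) ? requested : null;
    }

    public ActionForward execute(ActionMapping mapping, ActionForm form,
                                 HttpServletRequest request, HttpServletResponse response) {
        // Identity established by the container at login, not a parameter the user controls.
        String userId = request.getRemoteUser();
        String component = resolveComponent(userId, request.getParameter("component"));
        if (component == null) {
            // Unknown or tampered parameter: deny regardless of any Referer header.
            return mapping.findForward("denied");
        }
        request.setAttribute("component", component);
        return mapping.findForward("success");
    }
}
```

Struts 1 instantiates actions through a no-arg constructor, so in a real module the authorizer would be looked up rather than injected; the point is that `resolveComponent` decides from server-side data keyed by the session's user, which makes the Referer header irrelevant.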
