struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacob Hookom" <hooko...@uwec.edu>
Subject [OT] Request Certificates/Security
Date Fri, 06 Sep 2002 18:54:33 GMT
I know I beat security like a dead horse, but....

If my app generates a menu specific to the user, i.e., a project list
that they belong to, then instead of creating a link to the
project.do?id=25, do you think it would be secure enough if I passed a
huge "certificate" instead that had an hour time limit on it?  The link
would instead be: 

project.do?id=AJEIKL46642K32343OIN4

(Where the project uid is hashed with a timestamp and their role as the
param)

I know some developers use it when they are securing sites that span
multiple servers, but for this, it would prevent redundant db access at
best.

Does anyone else use this method?

Jacob Hookom 
Comprehensive Computer Science 
University of Wisconsin, Eau Claire 



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.381 / Virus Database: 214 - Release Date: 8/2/2002
 


--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message