Alexey Parshin wrote: > > Yes, it is :) We don't have to block object modifications this way. Blocking > object modifications is implemented on the database level. We just have to > avoid user confusion, so hiding, for instance, 'Edit' button would do. And, > if someone is stubborn enough to try navigation by typing Servlet names and > GET parameters w/o a correct password - he/she deserves a confusion. > > Generally, we're discussing the state of system at the moment when only one > page (Home) is more or less implemented (security-wise). I've just started > the process of adding this code two-three days ago. > I understand it's all work in progress. I just want to do it in more structured way from the very beginning.
Authoright © Total Knowledge: 2001-2008