struts-user mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Data security
Date Thu, 04 Jan 2007 14:02:59 GMT

Thorsten,

uni@thorstenschaefer.de wrote:
> However, what happens if a user logs
> in, but then submits an arbitrary id - this would enable him to see orders from
> other users! How can such security lacks be avoided best?

I'm assuming that you are storing all of this in a relational database.
The best thing is to have orders linked back to the users who "own"
them. Something like this:

user
----
id

order
-----
id
owner_id  (FK to user.id)

Now, whenever you look up an order for a user, make sure that you compare
the owner_id to the user's authenticated user id. If they don't match,
you can throw an access error. Better yet, just tell the user that the
requested order doesn't exist.

You can write simple SQL to do this, assuming you only want to prohibit
access (not log suspicious attempts to access data):

SELECT (whatever) FROM order WHERE id=? AND owner_id=?

If the owner doesn't match the order, you won't get any records back,
and you can tell the user that no such order exists.

-chris
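
An added example, not part of the original message: the ownership-scoped lookup described above, run against an in-memory SQLite database, plus a variant that logs attempts to read another user's order while still answering "not found". The table name `orders`, the `item` column, the function names and the sample rows are assumptions made for this example.

```python
import logging
import sqlite3

log = logging.getLogger("orders.access")

def make_demo_db():
    """Constructed sample data: two users, each owning one order."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE user (id INTEGER PRIMARY KEY);
        -- assumption: table is named "orders" because ORDER is a reserved word in SQL
        CREATE TABLE orders (
            id INTEGER PRIMARY KEY,
            owner_id INTEGER NOT NULL REFERENCES user(id),
            item TEXT NOT NULL
        );
        INSERT INTO user (id) VALUES (1), (2);
        INSERT INTO orders (id, owner_id, item) VALUES (100, 1, 'book'), (200, 2, 'lamp');
    """)
    return conn

def get_order(conn, auth_user_id, order_id):
    """Ownership is enforced in the query; auth_user_id must come from the
    authenticated session, never from a request parameter."""
    return conn.execute(
        "SELECT id, item FROM orders WHERE id = ? AND owner_id = ?",
        (order_id, auth_user_id),
    ).fetchone()

def get_order_audited(conn, auth_user_id, order_id):
    """Variant that logs requests for someone else's order. The caller gets
    None in both the 'missing' and 'not yours' cases, so responses match."""
    row = conn.execute(
        "SELECT id, item, owner_id FROM orders WHERE id = ?", (order_id,)
    ).fetchone()
    if row is None:
        return None
    if row[2] != auth_user_id:
        log.warning("user %s requested order %s owned by user %s",
                    auth_user_id, order_id, row[2])
        return None
    return row[:2]

if __name__ == "__main__":
    db = make_demo_db()
    print(get_order(db, 1, 100))          # user 1 reads their own order
    print(get_order(db, 1, 200))          # user 1 submits user 2's order id
    print(get_order_audited(db, 1, 200))  # same answer, plus a warning in the log
```
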
