
User scoped data access security.

Oscar Romero

Joined: Jun 27, 2010
Posts: 6
Hi guys,

In the last few days my boss has been discussing with a couple of colleagues how to prevent user manipulation of web pages to access other users' data. For example:

I work for an insurance company, and some users have access to some of our clients' policies through a page which shows a link with the policy number to view the details of each one of them. What the big bosses here want is to get rid of the possibility of users modifying these links (with Firebug, for example) with policies that are not associated with them.

I remember that a few years ago, in another company, we had a similar problem and we handled it by just building an array on the server side with all the data the user had access to on that page, so we could check the requests against this array. It worked.

I want to know if there is any framework, like Spring for example, which allows implementing features like this in a more standard way.

Please, sorry about my bad English. I hope I explained myself well.
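
The server-side check described in the post above, written out as an added example that is not part of the original post and not any framework's API: the allow-list is built when the listing page is rendered, and every detail request is checked against it. The class name, session IDs, users and policy numbers are hypothetical, constructed sample data.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Added example: every name here (PolicyAccessGuard, users, policy numbers) is hypothetical.
public class PolicyAccessGuard {
    // Constructed sample data standing in for the policy table: policy number -> owning user.
    private static final Map<String, String> POLICY_OWNER = Map.of(
            "POL-1001", "alice", "POL-1002", "alice", "POL-2001", "bob");

    // Per-session allow-list kept on the server; the browser never receives or sends it.
    private final Map<String, Set<String>> allowedBySession = new ConcurrentHashMap<>();

    /** Called while rendering the listing page: records which policies this session may open. */
    public List<String> renderListing(String sessionId, String user) {
        Set<String> allowed = new TreeSet<>();
        POLICY_OWNER.forEach((policy, owner) -> { if (owner.equals(user)) allowed.add(policy); });
        allowedBySession.put(sessionId, Collections.unmodifiableSet(allowed));
        return new ArrayList<>(allowed);
    }

    /** Called for every detail request: the policy number taken from the link is untrusted. */
    public String viewPolicy(String sessionId, String requestedPolicy) {
        // A session that never rendered the listing has an empty allow-list: deny by default.
        Set<String> allowed = allowedBySession.getOrDefault(sessionId, Set.of());
        if (requestedPolicy == null || !allowed.contains(requestedPolicy.trim())) {
            // Strip line breaks before logging so the request value cannot forge log entries.
            String safe = String.valueOf(requestedPolicy).replaceAll("[\\r\\n]", "_");
            System.err.println("DENIED session=" + sessionId + " policy=" + safe);
            // Same answer for "not yours" and "does not exist", so the response leaks nothing.
            return "404 Not Found";
        }
        return "200 OK: details of " + requestedPolicy.trim();
    }

    public static void main(String[] args) {
        PolicyAccessGuard guard = new PolicyAccessGuard();
        System.out.println(guard.renderListing("sess-A", "alice"));  // links shown to alice
        System.out.println(guard.viewPolicy("sess-A", "POL-1001"));  // link as rendered
        System.out.println(guard.viewPolicy("sess-A", "POL-2001"));  // link edited in the browser
        System.out.println(guard.viewPolicy("sess-X", "POL-1001"));  // session with no listing
    }
}
```

In a real application the allow-list would live in the server-side session object, and the denied-request log line is the signal to alert on.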
