In the last few days my boss has been discusing with a couple of colleagues about how to prevent user manipulation of web pages to access other user's data. For example:
I work for an Ensurance company, and some users have access to some of our client's policies through a page which shows a link with the policy number to view the details of each one of them. What the big bosses here whants, is to get rid of the posibility of users modifying these links (with firebug for example) with policies that are not asociated to them.
I rember that a few years ago, in another company, we had a similar problem and we handled it by just building an array on the server side with all the data the user had access in that page, so we can check the requests against this array. It worked.
I want to know if is there any framework, like Spring por example, which allows to implement features like this in a more standard way.
Please, sorry about bad english. I Hope I explained myself well.