Difference between revisions of "User:Yehohanan7"

Latest revision as of 14:07, 22 May 2008

Access control enforced by presentation layer

Enforcing access control in the presentation layer means that the developer does not show buttons and links for functions and assets that are not authorized for the user

Example in our application:

The payment button will be not shown in the payment page if the holiday is already booked.

Attacks

Forced Browsing

Defense

Access control must be performed in the business layer, not only the presentation layer.

Accidental leaking of sensitive information through data queries

SQL Injection

@@ Line 1: / Line 1: @@
-	Access control enforced by presentation layer
+== 	Access control enforced by presentation layer ==
-Definition:
+[[Definition:]]
 	Enforcing access control in the presentation layer means that the developer does not show buttons and links for functions and assets that are not authorized for the user
@@ Line 9: / Line 10: @@
 The payment button will be not shown in the payment page if the holiday is already booked.
-Attacks
+[[Attacks]]
-	Forced Browsing
+Forced Browsing
-Defense
+[[Defense]]
+Access control must be performed in the business layer, not only the presentation layer.
-	Access control must be performed in the business layer, not only the presentation layer.
+----
+== Accidental leaking of sensitive information through data queries ==
-	Accidental leaking of sensitive information through data queries
+[[SQL Injection]]

Difference between revisions of "User:Yehohanan7"

Latest revision as of 14:07, 22 May 2008

Access control enforced by presentation layer

Accidental leaking of sensitive information through data queries

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools