View Forum Topic

Author	Message
cthanh Posts: 56	Posted 15:46 Aug 16, 2015 \| Do we need to implement security to prevent any unauthorized user from manually entering the url to access something they shouldn't be able to see. For example: if a user is allowed to see http://localhost:8080/csjobs-exam/job/view.html?id=1 Do we need to prevent them from accessing http://localhost:8080/csjobs-exam/job/view.html?id=2 even if there is no clickable link to get to that address? Thanks
cysun Posts: 2935	Posted 19:01 Aug 16, 2015 \| Yes, that's why it's called "security".

Author

Message

cthanh

Posts: 56

Posted 15:46 Aug 16, 2015 |

Do we need to implement security to prevent any unauthorized user from manually entering the url to access something they shouldn't be able to see.

For example: if a user is allowed to see http://localhost:8080/csjobs-exam/job/view.html?id=1

Do we need to prevent them from accessing http://localhost:8080/csjobs-exam/job/view.html?id=2

even if there is no clickable link to get to that address?

Thanks

cysun

Posts: 2935

Posted 19:01 Aug 16, 2015 |

Yes, that's why it's called "security".