[jboss-dev-forums] [Design of Messaging on JBoss (Messaging/JBoss)] - Re: moving SecurityAspect to be an interceptor
timfox
do-not-reply at jboss.com
Thu Feb 7 06:28:15 EST 2008
That would be exploitable since a rogue client could just send (guess) someone else's user id.
Instead you could maintain a map of packet target id to user id in the server side filter and use that.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4127324#4127324
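
The map-based lookup suggested in the post, next to the weak form that trusts a user id carried in the packet. This is an added example, not code from the post or from JBoss Messaging. ServerSideFilter, Packet, the connection ids and all method names are hypothetical, and it assumes the server knows which connection each packet arrived on and keys the map by that connection as well as the target id.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration. ServerSideFilter, Packet and all method names are
// hypothetical; they are not JBoss Messaging classes.
public class ServerSideFilter {

    // Constructed packet shape: every field here is written by the client.
    public record Packet(long targetId, String claimedUserId, String destination) {}

    // Server-side state: (connection id, target id) -> user id recorded at authentication.
    private record Key(String connectionId, long targetId) {}
    private final Map<Key, String> userByTarget = new ConcurrentHashMap<>();

    // Called by server code only, after the credentials for this target were verified.
    public void bind(String connectionId, long targetId, String authenticatedUser) {
        userByTarget.put(new Key(connectionId, targetId), authenticatedUser);
    }

    // Called on session/connection close so a reused target id inherits nothing.
    public void unbind(String connectionId, long targetId) {
        userByTarget.remove(new Key(connectionId, targetId));
    }

    // Weak form: trusts the identity field that arrived in the packet.
    public String resolveUserFromPacket(Packet p) {
        return p.claimedUserId();
    }

    // Map-based form: identity comes from server state; connectionId is the
    // transport connection the packet arrived on, supplied by the server.
    public String resolveUser(String connectionId, Packet p) {
        String user = userByTarget.get(new Key(connectionId, p.targetId()));
        if (user == null) {
            throw new SecurityException("no authenticated session for target " + p.targetId());
        }
        return user;
    }

    public static void main(String[] args) {
        ServerSideFilter filter = new ServerSideFilter();
        filter.bind("conn-A", 7L, "alice");   // constructed sample sessions
        filter.bind("conn-B", 9L, "mallory");
        Packet forged = new Packet(9L, "alice", "queue.payroll"); // sent on conn-B
        System.out.println("from packet: " + filter.resolveUserFromPacket(forged));
        System.out.println("from map:    " + filter.resolveUser("conn-B", forged));
    }
}
```

Authorization checks should call only the map-based method; a packet whose target id has no binding on its connection is rejected rather than treated as anonymous.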