WebApp Sec mailing list archives

Re: JSP Security - Limiting URL's

From: mlh () zip com au
Date: Wed, 11 Dec 2002 09:09:46 +1100

On Tue, 10 Dec 2002 09:48:02 -0500
Steve Posick <steve.posick () advansol com> wrote:

The idea of a Finite State Machine (FSM) is a good one for the example that 
the author used, an exam.  It would fit nicely for any application that 
requires the user to follow a specific set of paths through the application 
and his use of XML as a state definition language is very 
elegant.


I don't see why an FSM enforces a particular path.
In fact, it can enable arbitrary paths since you
can define a behaviour from any given state to any
other. e.g. 'no state' -> 'first visit state' for
a page to enable bookmarkable urls.

Matt

Current thread:

JSP Security - Limiting URL's securityarchitect (Dec 09)
- Re: JSP Security - Limiting URL's Jeff Williams @ Aspect (Dec 09)
  - Re: JSP Security - Limiting URL's Andrew Jaquith (Dec 10)
- Re: JSP Security - Limiting URL's Steve Posick (Dec 10)
  - Re: JSP Security - Limiting URL's mlh (Dec 10)
- Re: JSP Security - Limiting URL's Jeremy Poteet (Dec 10)