Question

The web service (using POST) allows the requester to update details of a user. The web service accepts the id of the user to be updated.

I think accepting the id of the request as a parameter is risky. Someone could create a POST request and insert the id of any user and update the details of that user.

To ensure to an acceptable level that user details cannot be updated, what are the options? Here is what I think:

There is currently no security framework in place.

  1. encrypt the request at the transport layer using SSL
  2. encrypt just the id itself

Solution

To use HTTPS for secure transport is a good start.

Since you have tagged your question with "spring" and there is no security framework in place, I would suggest you take a look at Spring Security, which integrates nicely with Spring.
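
The server-side check the question is missing, as an added example that is not part of the original answer: the id in the POST only names the target, while the caller's identity comes from the Spring Security `Authentication`. It assumes Spring Boot with the web and security starters and that a user's id is the login name; the `/users/{id}` path, `UserDetailsForm`, the in-memory store and the `ROLE_ADMIN` rule are hypothetical.

```java
// Added example. Assumes spring-boot-starter-web and
// spring-boot-starter-security are on the classpath, and that the user id
// in the URL is the same string as the authenticated login name.
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class UserUpdateController {

    // Hypothetical request body: only fields a caller is allowed to change.
    public record UserDetailsForm(String displayName, String email) {}

    // Hypothetical in-memory store standing in for the real user repository.
    private final Map<String, UserDetailsForm> store = new ConcurrentHashMap<>();

    @PostMapping("/users/{id}")
    public ResponseEntity<Void> update(@PathVariable("id") String id,
                                       @RequestBody UserDetailsForm form,
                                       Authentication caller) {
        // The id in the request only says which record to change. Who is
        // asking is taken from the authentication Spring Security verified.
        if (!mayUpdate(caller, id)) {
            throw new AccessDeniedException("caller may not update user " + id);
        }
        store.put(id, form);
        return ResponseEntity.noContent().build();
    }

    // Allow the account owner or an administrator, and nobody else.
    static boolean mayUpdate(Authentication caller, String targetUserId) {
        if (caller == null || !caller.isAuthenticated()) {
            return false;
        }
        boolean isOwner = caller.getName().equals(targetUserId);
        boolean isAdmin = caller.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .anyMatch("ROLE_ADMIN"::equals);
        return isOwner || isAdmin;
    }
}
```

HTTPS protects the request in transit; the comparison in `mayUpdate` is what stops an authenticated caller from naming someone else's id.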

License: CC-BY-SA with attribution
Not affiliated with StackOverflow