In this case, developers often assume that the EJBs do not need to be secured since they are not "user-accessible" in their application design, but this assumption is dangerously wrong.
By cleaning up your data and ignoring data submitted improperly, you have made excellent first steps in securing your application.
Listing 3 shows an example of a USER Not Authenticated or FAKED USER error that occurs if you run a program to access a guard point after logging in via a non-authorized login method.