安全问题:如何保证Hibernate集合从客户端回到服务器? [英] Security question: how to secure Hibernate collections coming back from client to server?
问题描述
我有一个名为Parent的简单pojo,它包含一个对象Child的集合。
I've got a simple pojo named "Parent" which contains a collection of object "Child".
在hibernate / jpa中, - 多个关联,孩子不知道他们的父:这些子对象可以有不同类型的父,所以更容易不知道父(认为孩子代表标签和父母可以是不同的对象类型,有标签)。
In hibernate/jpa, it's simply a one-to-many association, children do not know their parent: these Child objects can have different type of Parent so it easier to not know the parent (think of Child which represents Tags and parents can be different object types which have tags).
现在,我将我的父对象发送到我的网站的客户端视图,以允许用户修改它。
Now, I send my Parent object to the client view of my web site to allow user to modify it.
对于它,我使用Hibernate / GWT / Gilead。
For it, I use Hibernate/GWT/Gilead.
我的用户保存一些更改,然后单击保存按钮(ajax),将我的父对象发送到服务器。
My user mades some changes and click the save button (ajax) which sends my Parent object to the server. fields of my parent has been modified but more important, some Child objects has been added or deleted in the collection.
对于摘要,当Parent对象返回到服务器时,它的父对象已经被修改,但更重要的是,一些Child对象已经被添加或删除。现在在其集合中:
- 新的Child对象,其中id为null并且需要持久
- 修改Child对象,其中id不为null并且需要合并
- 潜在的被攻击的Child对象,其中id不是null,但是不是由父母最初拥有
- 缺少(删除)的子对象:需要删除
To summary, when Parent object comes back to server, it now has in its collection: - new "Child" objects where id is null and need to be persist - modified "Child" objects where id is not null and need to be merge - potentially hacked "Child" objects where id is not null but are not originally owned by the Parent - Child objects missing (deleted): need to be deleted
如何保存父对象(及其集合)?你从数据库加载父集合以比较修改后的集合的每个对象,以查看是否没有被黑客入侵的项目?
你清除旧的集合(删除孤儿)并重新添加新的孩子(但有一些孩子没有被修改)?
How do you save the parent object (and its collection) ? do you load the parent collection from database to compare each objects of the modified collection to see if there is no hacked item ? Do you clear the old collection (to remove orphan) and re add new child (but there is some Child that has not been modified) ?
感谢
PS:对不起我的英语,我希望你理解这个概念)
PS: sorry for my english, I hope you have understand the concept ;)
推荐答案
我发现的最好的解决方案是管理一个DTO,手动创建。 DTO只向客户端发送所需的数据。对于我想在ReadOnly模式中设置的每个字段,我计算一个基于我使用dto发送给客户端的密钥的签名。
The best solution I've found is to manage a DTO, manually created. The DTO sends only needed datas to the client. For each fields I want to set in ReadOnly mode, I calculate a signature based on a secret key that I send to client with my dto.
当我的DTO回到服务器,我检查签名,以确保我的只读字段没有更改(重新计算签名与回来的字段,并将其与签名与dto回来比较)
When my DTO comes back to server, I check the signature to be sure that my read only fields have not changed (recalculate the signature with coming back fields and compare it to the signature coming back with dto)
它允许我指定只读字段,并确保我的对象不被黑客入侵。
It allows me to specify read only fields and be sure that my objects are not hacked.
这篇关于安全问题:如何保证Hibernate集合从客户端回到服务器?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
