Added reference to OWASP site to preface of ref manual

Luke Taylor 2008-06-11 17:35:27 +00:00
parent 8a2581c939
commit fe929bf9b9
1 changed files with 15 additions and 4 deletions

@ -49,7 +49,8 @@
hopefully be configured to minimize the permissions granted to different
Java types, and then your application will add its own problem
domain-specific security configuration. Spring Security makes this latter
area - application security - much easier.</para>
area - application security - much easier.
</para>
<para>Of course, you will need to properly address all security layers
mentioned above, together with managerial factors that encompass every
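Review bot: The only change in this hunk is moving the closing </para> after "area - application security - much easier." onto its own line, and the next hunk does the same after "interesting, challenging and rewarding."; neither relates to the OWASP reference named in the commit message. Consider dropping these whitespace-only edits or committing them separately, so that the diff shows only the preface text being added.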
@ -65,7 +66,8 @@
banking application has different needs from an ecommerce application. An
ecommerce application has different needs from a corporate sales force
automation tool. These custom requirements make application security
interesting, challenging and rewarding.</para>
interesting, challenging and rewarding.
</para>
<para>Please read <xref linkend="getting-started"/>, in
its entirety to begin with. This will introduce you to the framework and the namespace-based
@ -73,10 +75,19 @@
of an in-depth understaning of how Spring Security works, and some of the classes you might
need to use, you should then read <xref linkend="overall-architecture"/>.
The remaining parts of this guide are structured in a more traditional reference style,
designed to be read on an as-required basis.</para>
designed to be read on an as-required basis. We'd also recommend that you read up as much as
possible on application security issues in general. Spring Security is not a panacea which will
solve all security issues. It is important that the application is designed with security in
mind from the start. Attempting to retrofit it is not a good idea.
In particular, if you are building a web application, you should be aware of the many potential
vulnerabilities such as cross-site scripting, request-forgery and session-hijacking which you should
be taking into account from the start. The OWASP web site (http://www.owasp.org/) maintains a
top ten list of web application vulnerabilities as well as a lot of useful reference information.
</para>
<para>We hope that you find this reference guide useful, and we welcome
your feedback and <link xlink:href="#jira">suggestions</link>.</para>
your feedback and <link xlink:href="#jira">suggestions</link>.
</para>
<para>Finally, welcome to the Spring Security <link xlink:href="#community" >community</link>.
</para>
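Review bot: In the added sentence "The OWASP web site (http://www.owasp.org/) maintains a top ten list", the URL is plain text inside the para, while the other links in this hunk use <link xlink:href="...">; mark the OWASP address up the same way so it renders as a link in the generated manual. In the list of vulnerabilities, "request-forgery" would be easier to look up as "cross-site request forgery", and "from the start" appears twice within three sentences, so one of them can go.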