In the standard webapp setting, all code runs with the same privileges. It would be desirable to follow the principle of least privilege, and the Java security manager ("sandbox") should in theory make this possible.
I imagine a setup in which the webapp's code consists of a "front end", whose code is privileged to perform only those actions that the user is allowed to perform, and a "back end" that runs with greater privileges and imposes these restrictions on the "front end" code. The templates and most of the control logic would then be part of the less privileged "front end" code, limiting an attacker's ability to compromise security.
Has this already been done? Is it already part of any widely used web framework?
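As an added illustration of the two-tier design the question describes (this is editor-supplied example code, not the asker's and not taken from any framework), the sketch below runs untrusted "front end" template code inside a permission set chosen per request by a trusted "back end", using the stock Java security manager. The class, method and file names are hypothetical. The mechanism is `AccessController.doPrivileged(action, context)`: the permission check stops walking the stack at the `doPrivileged` frame and additionally requires the supplied `AccessControlContext` to imply the permission, so the front end gets the intersection of the back end's permissions and the per-user set, even though it is invoked from fully privileged code. One caveat a practitioner needs to know: JEP 411 deprecated the security manager for removal in Java 17, Java 18 to 23 refuse to install one unless started with `-Djava.security.manager=allow`, and Java 24 removed the ability to enable it altogether, so this only runs on older JDKs.

```java
import java.io.FilePermission;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.function.Supplier;

// Hypothetical demo (not code from the question): a trusted "back end" decides
// which permissions the current user has and runs the untrusted "front end"
// (templates, controllers) confined to exactly those permissions.
public class LeastPrivilegeDemo {

    // Back end: run frontEnd with `perms` and nothing else.
    // The two-argument ProtectionDomain constructor creates a *static* domain,
    // i.e. one whose implies() consults only `perms` and never the installed
    // Policy; that matters because the Policy below grants everything.
    static <T> T runAsUser(PermissionCollection perms, Supplier<T> frontEnd) {
        ProtectionDomain userDomain = new ProtectionDomain(
                new CodeSource(null, (java.security.cert.Certificate[]) null), perms);
        AccessControlContext userContext =
                new AccessControlContext(new ProtectionDomain[] { userDomain });
        // Stack walk stops here; the check also has to pass `userContext`.
        return AccessController.doPrivileged((PrivilegedAction<T>) frontEnd::get, userContext);
    }

    // Front end: a "template" that renders a profile read from disk.
    // It contains no authorization logic of its own; the sandbox supplies it.
    static String renderProfile(Path profile) {
        try {
            return "<p>" + Files.readString(profile) + "</p>";
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public static void main(String[] args) throws IOException {
        // The back end itself runs fully privileged: grant everything to our
        // own code, then switch the sandbox on. (Java <= 17 unflagged;
        // Java 18-23 need -Djava.security.manager=allow; gone in Java 24.)
        Policy.setPolicy(new Policy() {
            @Override
            public boolean implies(ProtectionDomain domain, Permission permission) {
                return true;
            }
        });
        System.setSecurityManager(new SecurityManager());

        // Constructed sample data: one profile file per user.
        Path alice = Files.createTempFile("alice", ".txt");
        Path bob = Files.createTempFile("bob", ".txt");
        Files.writeString(alice, "Alice's profile");
        Files.writeString(bob, "Bob's profile");

        // Alice's request: the back end grants read access to her file only.
        Permissions alicePerms = new Permissions();
        alicePerms.add(new FilePermission(alice.toString(), "read"));

        // Allowed action succeeds.
        System.out.println(runAsUser(alicePerms, () -> renderProfile(alice)));

        try {
            // Same template code, attacker-influenced path: the FilePermission
            // check inside Files.readString fails against the per-user context.
            runAsUser(alicePerms, () -> renderProfile(bob));
            System.out.println("BUG: read of another user's file was allowed");
        } catch (AccessControlException e) {
            System.out.println("denied: " + e.getPermission());
        }
    }
}
```

Compile and run with `javac LeastPrivilegeDemo.java && java LeastPrivilegeDemo` on a JDK where the security manager can still be installed; the first call prints Alice's rendered profile and the second prints a `denied:` line naming the `FilePermission` for Bob's file. Note that the example shows only that the sandbox can enforce a per-request permission set; it says nothing about whether any widely used framework actually ships such a split, which is the question being asked.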