Re: Client PK access

From: Kevin Menard (kmenar..ervprise.com)
Date: Sun Apr 27 2008 - 12:03:09 EDT


    Hi Michael,

    We're looking to basically achieve feature parity with the Hibernate module
    and then surpass it. We've got some pretty good stuff going on right now.
    The simplest way forward was to include keys in the URLs, but we intend on
    making things more secure going forward.

    If you want to get involved with discussions and what not, feel free to join
    the group. It's pretty low volume:

    http://code.google.com/p/tapestry5-cayenne/

    -- 
    Kevin
    

    On 4/27/08 11:50 AM, "Michael Gentry" <blacknex..mail.com> wrote:

    > Hi Kevin,
    >
    > I'm just curious since I haven't been following Tapestry much lately
    > (I'm in WebObjects land currently) if you are making a data squeezer
    > (or whatever they are calling it in T5) for Cayenne? If so, is it
    > just going to stuff primary keys into the HTML as hidden fields or be
    > something more elaborate? The environments I've worked in tend to
    > need data security and exposing the primary keys in the HTML would be
    > a definite no-no. You never want to give the client/end-user a chance
    > to hack the primary key values to try to gain backdoor access to the
    > data.
    >
    > Thanks!
    >
    > /dev/mrg
    >
    >
    > On Sun, Apr 27, 2008 at 10:08 AM, Kevin Menard <kmenar..ervprise.com> wrote:
    >> As part of the fix for CAY-574, we added a getPrimaryKeyNames() :
    >> Collection<String> method to ObjEntity. This did the trick and allowed
    >> DataObjectUtils to work. Unfortunately, it doesn't expose the PK type
    >> information.
    >>
    >> As some of you likely know, I'm working on Tapestry5-Cayenne integration
    >> module with Robert Zeigler. I'm trying to ensure the module works just as
    >> well for an ROP client as it does for traditional Cayenne server apps. One
    >> of the things we need to be able to handle is the coercion of keys to and
    >> from String values. This implies knowledge of the key class type, which is
    >> currently unavailable in the client.
    >>
    >> I'm soliciting ideas on how to improve this. Off the top of my head, I'm
    >> thinking something like the following:
    >>
    >> // Simple key-> value lookup.
    >> String getPkClassName(String pkName)
    >>
    >> // Modification of existing method to allow PK lookups.
    >> ObjAttribute getAttribute(String name, boolean includePks)
    >>
    >> // Rather than just have getPrimaryKeyNames(), return a mapping
    >> // of the key name and its Java class.
    >> Map<String, String> getPrimaryKeys()
    >>
    >> If possible, this is something I'd like to see squeezed in for 3.0M4,
    >> because I'd really like that module to not have to rely on 3.0-SNAPSHOT.
    >>
    >> Thanks,
    >> Kevin
    >>
    >>
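
Added example, not part of the original thread and not code from Cayenne or tapestry5-cayenne: one way to keep a primary key that travels in a URL or hidden field tamper-evident while still coercing it back to its key class. The class `SignedPkCodec`, the `entity:pkName:value` payload layout, and the sample names and secret are assumptions; the name-to-class map mirrors the `Map<String, String>` proposed in the quoted message.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
// Hypothetical helper (not Cayenne or tapestry5-cayenne API).
public class SignedPkCodec {
    private final SecretKeySpec key;
    private final Map<String, String> pkTypes; // PK name -> Java class name
    public SignedPkCodec(byte[] secret, Map<String, String> pkTypes) {
        this.key = new SecretKeySpec(secret, "HmacSHA256");
        this.pkTypes = pkTypes;
    }
    private byte[] mac(String data) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(key);
        return m.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }
    // Entity and PK name are covered by the MAC, so a token minted for one entity is rejected for another.
    public String encode(String entity, String pkName, Object value) throws Exception {
        String payload = entity + ":" + pkName + ":" + value;
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        return enc.encodeToString(payload.getBytes(StandardCharsets.UTF_8)) + "." + enc.encodeToString(mac(payload));
    }
    public Object decode(String entity, String pkName, String token) throws Exception {
        String[] parts = token.split("\\.", 2);
        if (parts.length != 2) throw new SecurityException("malformed token");
        String payload = new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
        // Constant-time comparison of the recomputed MAC with the one presented by the client.
        if (!MessageDigest.isEqual(mac(payload), Base64.getUrlDecoder().decode(parts[1])))
            throw new SecurityException("signature mismatch");
        String prefix = entity + ":" + pkName + ":";
        if (!payload.startsWith(prefix)) throw new SecurityException("token is for a different key");
        String raw = payload.substring(prefix.length());
        switch (pkTypes.getOrDefault(pkName, "")) { // coerce String -> declared key class
            case "java.lang.Integer": return Integer.valueOf(raw);
            case "java.lang.Long":    return Long.valueOf(raw);
            case "java.lang.String":  return raw;
            default: throw new IllegalArgumentException("no coercion for PK " + pkName);
        }
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample values; a real secret comes from server-side configuration.
        SignedPkCodec c = new SignedPkCodec("demo-secret".getBytes(StandardCharsets.UTF_8), Map.of("ARTIST_ID", "java.lang.Long"));
        String t = c.encode("Artist", "ARTIST_ID", 42L);
        System.out.println(c.decode("Artist", "ARTIST_ID", t));
        try { c.decode("Painting", "ARTIST_ID", t); } catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The MAC only makes an edited key value detectable; the key itself is still readable by the client, and the server still has to check that the requesting user may access the row the key names.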


