Thanks for the link, Kevin. It seems Robert listened to me! :-)
http://code.google.com/p/tapestry5-cayenne/wiki/SecuringValueEncoders
For an externally-facing application (and even some internal), it
seems pluggable encryption might be the best approach (you don't want
to include actual encryption, though). These overly-secure types of
applications rarely care about friendly URLs, from what I've seen thus
far, and many are form/POST-based. I'll check out more later.
Thanks!
On Sun, Apr 27, 2008 at 12:03 PM, Kevin Menard <kmenar..ervprise.com> wrote:
> Hi Michael,
>
> We're looking to basically achieve feature parity with the Hibernate module
> and then surpass it. We've got some pretty good stuff going on right now.
> The simplest way forward was to include keys in the URLs, but we intend on
> making things more secure going forward.
>
> If you want to get involved with discussions and what not, feel free to join
> the group. It's pretty low volume:
>
> http://code.google.com/p/tapestry5-cayenne/
>
> --
> Kevin
>
>
>
>
> On 4/27/08 11:50 AM, "Michael Gentry" <blacknex..mail.com> wrote:
>
> > Hi Kevin,
> >
> > I'm just curious since I haven't been following Tapestry much lately
> > (I'm in WebObjects land currently) if you are making a data squeezer
> > (or whatever they are calling it in T5) for Cayenne? If so, is it
> > just going to stuff primary keys into the HTML as hidden fields or be
> > something more elaborate? The environments I've worked in tend to
> > need data security and exposing the primary keys in the HTML would be
> > a definite no-no. You never want to give the client/end-user a chance
> > to hack the primary key values to try to gain backdoor access to the
> > data.
> >
> > Thanks!
> >
> > /dev/mrg
> >
> >
> > On Sun, Apr 27, 2008 at 10:08 AM, Kevin Menard <kmenar..ervprise.com> wrote:
> >> As part of the fix for CAY-574, we added a getPrimaryKeyNames() :
> >> Collection<String> method to ObjEntity. This did the trick and allowed
> >> DataObjectUtils to work. Unfortunately, it doesn't expose the PK type
> >> information.
> >>
> >> As some of you likely know, I'm working on a Tapestry5-Cayenne integration
> >> module with Robert Zeigler. I'm trying to ensure the module works just as
> >> well for an ROP client as it does for traditional Cayenne server apps. One
> >> of the things we need to be able to handle is the coercion of keys to and
> >> from String values. This implies knowledge of the key class type, which is
> >> currently unavailable in the client.
> >>
> >> I'm soliciting ideas on how to improve this. Off the top of my head, I'm
> >> thinking something like the following:
> >>
> >> // Simple key-> value lookup.
> >> String getPkClassName(String pkName)
> >>
> >> // Modification of existing method to allow PK lookups.
> >> ObjAttribute getAttribute(String name, boolean includePks)
> >>
> >> // Rather than just have getPrimaryKeyNames(), return a mapping
> >> // of the key name and its Java class.
> >> Map<String, String> getPrimaryKeys()
> >>
> >> If possible, this is something I'd like to see squeezed in for 3.0M4,
> >> because I'd really like that module to not have to rely on 3.0-SNAPSHOT.
> >>
> >> Thanks,
> >> Kevin
> >>
> >>
>
>
This archive was generated by hypermail 2.0.0 : Sun Apr 27 2008 - 12:43:15 EDT
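
An added example, not code from this thread or from the tapestry5-cayenne project: one way the "pluggable encryption" idea in the top message could keep raw primary keys out of URLs and hidden fields, using AES-GCM from the JDK so that an edited token is rejected rather than decoded to a different key. The class name SealedKeyEncoder, the entity names and the demo key are assumptions; toClient/toValue only mirror the shape of a value encoder.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

// Hypothetical class: seals a primary key into an opaque token for the client.
public class SealedKeyEncoder {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final SecretKey key;
    private final byte[] context; // entity name, bound to the token as AAD
    public SealedKeyEncoder(SecretKey key, String entityName) {
        this.key = key;
        this.context = entityName.getBytes(StandardCharsets.UTF_8);
    }
    // Primary key -> URL-safe token (fresh random IV per call, then ciphertext+tag).
    public String toClient(String pk) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(context);
        byte[] ct = c.doFinal(pk.getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Token -> primary key, or null if malformed, altered, or issued for another entity.
    public String toValue(String token) {
        try {
            byte[] in = Base64.getUrlDecoder().decode(token);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
            c.updateAAD(context);
            return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
        } catch (Exception e) { // failed tag check, short input, or invalid Base64
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey k = kg.generateKey(); // constructed demo key
        String token = new SealedKeyEncoder(k, "Artist").toClient("42");
        System.out.println(token + " -> " + new SealedKeyEncoder(k, "Artist").toValue(token));
        System.out.println(new SealedKeyEncoder(k, "Painting").toValue(token)); // wrong entity
    }
}
```

The token hides the key and rejects altered values, but the server still needs its own access check on the decoded key before loading the object.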