Re: Note to Cayenne/Tapestry users ...

From: Robert Zeigler (robert..uregumption.com)
Date: Wed Jan 04 2006 - 18:51:20 EST

    I've contemplated obscuring the string through encryption.
    I'll look into the GUID approach as well, though.
    Personally, I always double check server-side to make sure the user has
    edit/view/whatever permissions for objects. (That gets tedious, of
    course, but it's also a safe bet. :)

    Steve Wells wrote:

    >Mike,
    >
    >Using a custom squeezer is the way to go. To get around your
    >vulnerability issues I think there are 2 options off the top of my head:
    >1. Modify Robert's DataSqueezer impl to obscure the PKs, such as a Map
    >of GUIDs to PKs; GUIDs are then put in the page and then mapped back
    >to PKs.
    >2. Wait for different PK generation schemes...again such as GUID. I'd
    >think this would be secure enough for most apps?
    >
    >Surely someone has done something like this before?
    >
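
The two measures discussed in this thread, GUIDs placed in the page and mapped back to PKs plus a server-side permission check, sketched as an added example that is not code from the thread or from Tapestry or Cayenne. `OpaqueKeyMap`, `AccessPolicy` and the sample users are hypothetical, and the map is assumed to be held in the user's session.

```java
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical per-session GUID-to-PK map; not a Tapestry or Cayenne class. */
public class OpaqueKeyMap {
    /** Constructed stand-in for the application's real permission lookup. */
    interface AccessPolicy { boolean canEdit(String user, int pk); }
    private final Map<String, Integer> guidToPk = new ConcurrentHashMap<>();
    private final Map<Integer, String> pkToGuid = new ConcurrentHashMap<>();

    /** Render time: returns the GUID that goes into the page instead of the PK. */
    public String squeeze(int pk) {
        return pkToGuid.computeIfAbsent(pk, k -> {
            String guid = UUID.randomUUID().toString(); // random (version 4) UUID
            guidToPk.put(guid, k);
            return guid;
        });
    }

    /** Submit time: a value this session never issued resolves to nothing. */
    public Optional<Integer> unsqueeze(String guid) {
        return Optional.ofNullable(guid).map(guidToPk::get);
    }

    /** The GUID only hides the PK; the permission check still decides access. */
    public int resolveForEdit(String user, String guid, AccessPolicy policy) {
        int pk = unsqueeze(guid).orElseThrow(() -> new SecurityException("unknown key"));
        if (!policy.canEdit(user, pk)) throw new SecurityException("not permitted");
        return pk;
    }

    public static void main(String[] args) {
        AccessPolicy policy = (user, pk) -> user.equals("alice") && pk == 42; // constructed rule
        OpaqueKeyMap session = new OpaqueKeyMap();
        String guid = session.squeeze(42);
        System.out.println("resolved PK: " + session.resolveForEdit("alice", guid, policy));
        for (String[] attempt : new String[][] {
                {"alice", "42"},   // raw PK submitted instead of a GUID
                {"bob", guid}}) {  // valid GUID, user without permission
            try {
                session.resolveForEdit(attempt[0], attempt[1], policy);
            } catch (SecurityException e) {
                System.out.println(attempt[0] + " rejected: " + e.getMessage());
            }
        }
    }
}
```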


