Re: security

From: Carl Mosca (carljmosc..mail.com)
Date: Wed Jan 31 2007 - 12:50:26 EST


    Andrus,

    Thank you. I'll take a look and see what I can come up with once I get
    started.

    Is there a published timetable for 3.0?

    Carl

    On 1/31/07, Andrus Adamchik <andru..bjectstyle.org> wrote:
    >
    > Hi Carl,
    >
    > To be honest, a few ROP projects that I've done used all-or-nothing
    > security (if you are authenticated, you can do anything). Still, I've
    > also been thinking about a more fine-grained approach. My solution
    > would be to set up a custom 'org.apache.cayenne.DataChannel'
    > decorator, adding custom security checks to 'onQuery()' and 'onSync'
    > methods. In the simplest case, you can have the following security
    > levels:
    >
    > 1. Restricted: only NamedQuery requests are honored, 'onSync' is denied.
    > 2. Read-only: onQuery() allows all but SQLTemplate queries, 'onSync'
    > is denied.
    > 3. Full
    > 4. Custom - check custom rules.
    >
    > Also I haven't yet explored the use of the new 3.0 callbacks as a
    > security mechanism, probably there are some opportunities there:
    >
    > http://cayenne.apache.org/preview/CAYDOC/lifecycle-callbacks.html
    >
    > Andrus
    >
    >
    > On Jan 31, 2007, at 4:23 PM, Carl Mosca wrote:
    >
    > > I am wondering about security (user, query, role level). What
    > > approaches have been taken by those using ROP for some time?
    > >
    > > TIA,
    > > --
    > > Carl J. Mosca
    >
    >

    -- 
    Carl J. Mosca
    


