AW: Cayenne web application tutorial

From: Peter Schröder (Peter.Schroede..reenet-ag.de)
Date: Thu Apr 12 2007 - 09:28:42 EDT

  • Next message: Robert Zeigler: "Re: Cayenne web application tutorial"

    we use hashvalues to detect hacking-attempts. we create a md5 hash with the encoded value and some secret key and put it with the other parameters, so that the receiving component can check if the value has been edited bye comparing hashvalues.

    kind regards peter

    -----Ursprüngliche Nachricht-----
    Von: Michael Gentry [mailto:blacknex..mail.com]
    Gesendet: Donnerstag, 12. April 2007 15:23
    An: use..ayenne.apache.org
    Betreff: Re: Cayenne web application tutorial

    Just a note (yes, this is one of my soapboxes and Steve and I discussed this
    ages ago): If you need data security in your application, don't use the data
    squeezers with Tapestry. The squeezers are great if you don't care about
    security, but if you do, they are too problematic for someone who wants to
    try hacking things. They encode primary keys to your data objects, which
    can be altered by someone before being sent back to you, causing
    (potentially) incorrect records being retrieved/updated. (At least the last
    time I looked at it...)

    The above isn't meant to detract from Steve's tutorial, either, which is
    great and we are the better for having it available.

    Thanks!

    /dev/mrg

    On 4/12/07, Peter Schröder <Peter.Schroede..reenet-ag.de> wrote:
    >
    > it was a perfect tutorial to my work on a new job. it was exactly what we
    > are now using here as development-environment.
    >



    This archive was generated by hypermail 2.0.0 : Thu Apr 12 2007 - 09:29:04 EDT