Re: Cayenne web application tutorial

From: Michael Gentry (blacknex..mail.com)
Date: Sat Apr 28 2007 - 09:09:19 EDT


    The auto-hashing sounds interesting to me--as long as the hash could
    be seeded by the individual application developer (or even on a
    per-user basis using a session ID, etc). I didn't totally follow what
    you meant by the security manager scenario, though. Could you
    elaborate a bit on that?

    Thanks!

    /dev/mrg

    On 4/12/07, Robert Zeigler <robert..uregumption.com> wrote:
    > So, I currently work around this issue by validating server-side that
    > the user has the appropriate permissions to edit the object[s] that
    > came back with the request. However, I've been thinking for awhile
    > now of extending my existing squeeze adapter implementation (the one
    > on Tassel) to address security concerns like this. One possibility
    > would be to use some sort of hashing mechanism, as mentioned by
    > Peter. Another possibility (which is something I'm leaning towards)
    > is to allow for some sort of "security manager", where the squeeze
    > adapter can "re-inflate" the object, then hand it off to the security
    > manager for inspection to make sure that the user responsible for the
    > current request has permission to access the object. Thoughts/comments?
    >
    > Robert
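
The seeded auto-hashing idea discussed in this thread, as an added example that is not part of the original messages and is not Cayenne or Tapestry code: the squeezed value sent to the browser carries a keyed hash bound to a per-application secret and to the session ID. The class name SignedSqueeze, the "Artist:42" value format and the choice of HMAC-SHA256 as the hashing mechanism are assumptions; the thread does not name an algorithm.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Hypothetical helper for illustration; not an API of Cayenne, Tapestry or Tassel.
public class SignedSqueeze {
    private final byte[] appSecret; // per-application seed, never sent to the client

    public SignedSqueeze(byte[] appSecret) { this.appSecret = appSecret.clone(); }

    // HMAC-SHA256 over (sessionId, squeezed value), keyed with the application secret.
    private byte[] tag(String sessionId, String squeezed) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(appSecret, "HmacSHA256"));
        mac.update(sessionId.getBytes(StandardCharsets.UTF_8));
        mac.update((byte) 0); // separator so ("ab","c") and ("a","bc") produce different tags
        mac.update(squeezed.getBytes(StandardCharsets.UTF_8));
        return mac.doFinal();
    }

    // Value written into the page: "<squeezed>.<base64url tag>".
    public String squeeze(String sessionId, String squeezed) throws Exception {
        String b64 = Base64.getUrlEncoder().withoutPadding().encodeToString(tag(sessionId, squeezed));
        return squeezed + "." + b64;
    }

    // Returns the squeezed value only if the tag matches this session; otherwise throws.
    public String unsqueeze(String sessionId, String signed) throws Exception {
        int dot = signed.lastIndexOf('.'); // base64url never contains '.', so the last dot is ours
        if (dot < 0) throw new SecurityException("missing tag");
        String squeezed = signed.substring(0, dot);
        byte[] given;
        try { given = Base64.getUrlDecoder().decode(signed.substring(dot + 1)); }
        catch (IllegalArgumentException e) { throw new SecurityException("malformed tag"); }
        if (!MessageDigest.isEqual(tag(sessionId, squeezed), given)) throw new SecurityException("tag mismatch");
        return squeezed;
    }

    public static void main(String[] args) throws Exception {
        SignedSqueeze s = new SignedSqueeze("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        String token = s.squeeze("session-A", "Artist:42"); // constructed sample value
        System.out.println(s.unsqueeze("session-A", token)); // accepted
        try { s.unsqueeze("session-A", "Artist:43" + token.substring(token.lastIndexOf('.'))); }
        catch (SecurityException e) { System.out.println("edited id rejected: " + e.getMessage()); }
        try { s.unsqueeze("session-B", token); }
        catch (SecurityException e) { System.out.println("other session rejected: " + e.getMessage()); }
    }
}
```

The tag only shows that the value is one the server issued to this session; whether the user may edit the re-inflated object is still a separate server-side permission check, as in the validation and "security manager" approaches described in the quoted message.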


