cayenne-user mailing list archives

From "Carl Mosca" <carljmo...@gmail.com>
Subject Re: security
Date Wed, 31 Jan 2007 17:50:26 GMT
Andrus,

Thank you.  I'll take a look and see what I can come up with once I get
started.

Is there a published timetable for 3.0?

Carl

On 1/31/07, Andrus Adamchik <andrus@objectstyle.org> wrote:
>
> Hi Carl,
>
> To be honest a few ROP projects that I've done used all-or-nothing
> security (if you are authenticated, you can do anything). Still I've
> been also thinking about a more fine-grained approach. My solution
> would be to set up a custom 'org.apache.cayenne.DataChannel'
> decorator, adding custom security checks to 'onQuery()' and 'onSync'
> methods. In the simplest case, you can have the following security
> levels:
>
> 1. Restricted: only NamedQuery requests are honored, 'onSync' is denied.
> 2. Read-only: onQuery() allows all but SQLTemplate queries, 'onSync'
> is denied.
> 3. Full
> 4. Custom - check custom rules.
>
> Also I haven't yet explored the use of the new 3.0 callbacks as a
> security mechanism, probably there are some opportunities there:
>
> http://cayenne.apache.org/preview/CAYDOC/lifecycle-callbacks.html
>
> Andrus
>
>
> On Jan 31, 2007, at 4:23 PM, Carl Mosca wrote:
>
> > I am wondering about security (user, query, role level).  What
> > approaches
> > have been taken by those using ROP for some time?
> >
> > TIA,
> > --
> > Carl J. Mosca
>
>


-- 
Carl J. Mosca
