cayenne-user mailing list archives

From "Michael Gentry" <blackn...@gmail.com>
Subject Re: Cayenne web application tutorial
Date Sat, 28 Apr 2007 13:09:19 GMT
The auto-hashing sounds interesting to me--as long as the hash could
be seeded by the individual application developer (or even on a
per-user basis using a session ID, etc).  I didn't totally follow what
you meant by the security manager scenario, though.  Could you
elaborate a bit on that?

Thanks!

/dev/mrg


On 4/12/07, Robert Zeigler <robertz@puregumption.com> wrote:
> So, I currently work around this issue by validating server-side that
> the user has the appropriate permissions to edit the object[s] that
> came back with the request.  However, I've been thinking for a while
> now of extending my existing squeeze adapter implementation (the one
> on Tassel) to address security concerns like this.  One possibility
> would be to use some sort of hashing mechanism, as mentioned by
> Peter.  Another possibility (which is something I'm leaning towards)
> is to allow for some sort of "security manager", where the squeeze
> adapter can "re-inflate" the object, then hand it off to the security
> manager for inspection to make sure that the user responsible for the
> current request has permission to access the object.  Thoughts/comments?
>
> Robert
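
The two ideas discussed in this thread (a hash seeded per application and bound to a session ID, and a security manager consulted after the object is re-inflated) can be combined. The following is an added example, not code from either poster, the Tassel squeeze adapter, or Tapestry/Cayenne; every class, interface and method name is hypothetical, and the secret and IDs are constructed sample values.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Hypothetical names throughout; not the Tassel squeeze adapter or any Tapestry/Cayenne API.
public class SignedSqueezeExample {
    // Hypothetical hook: decides whether the current user may touch the re-inflated object.
    interface SecurityManagerHook { boolean mayAccess(String user, String objectId); }

    private final byte[] appSecret; // per-application seed chosen by the developer

    SignedSqueezeExample(byte[] appSecret) { this.appSecret = appSecret.clone(); }

    private byte[] tag(String sessionId, String objectId) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(appSecret, "HmacSHA256"));
        // Length-prefix the session ID so (session, id) pairs cannot be confused.
        mac.update((sessionId.length() + ":" + sessionId).getBytes(StandardCharsets.UTF_8));
        return mac.doFinal(objectId.getBytes(StandardCharsets.UTF_8));
    }

    String squeeze(String sessionId, String objectId) throws Exception {
        return objectId + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(tag(sessionId, objectId));
    }

    // Returns the object ID only if the tag verifies and the hook allows access.
    String unsqueeze(String sessionId, String user, String squeezed, SecurityManagerHook hook) throws Exception {
        int dot = squeezed.lastIndexOf('.');
        if (dot < 0) throw new SecurityException("missing tag");
        String objectId = squeezed.substring(0, dot);
        byte[] given;
        try { given = Base64.getUrlDecoder().decode(squeezed.substring(dot + 1)); }
        catch (IllegalArgumentException e) { throw new SecurityException("malformed tag"); }
        if (!MessageDigest.isEqual(given, tag(sessionId, objectId))) // constant-time compare
            throw new SecurityException("tag mismatch");
        if (!hook.mayAccess(user, objectId)) throw new SecurityException("access denied");
        return objectId;
    }

    public static void main(String[] args) throws Exception {
        SignedSqueezeExample s = new SignedSqueezeExample("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        SecurityManagerHook ownerOnly = (user, id) -> id.startsWith("Artist:") && user.equals("alice");
        String token = s.squeeze("session-1", "Artist:42");
        System.out.println(s.unsqueeze("session-1", "alice", token, ownerOnly));
        try { s.unsqueeze("session-2", "alice", token, ownerOnly); } // same token replayed in another session
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The tag only proves the server issued that ID to that session; the hook is still what decides whether the current user may act on the object.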
