cayenne-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aristedes Maniatis <>
Subject ROP security
Date Wed, 15 May 2013 23:49:17 GMT
We have a ROP Cayenne application we'd like to lock down a bit more tightly. In particular,
in a situation where we don't trust the client application hasn't been hacked, we'd like to
restrict certain activity from the client. I'm thinking of:

1. preventing SQLTemplate/EJBQL queries completely
2. adding entity listeners to catch certain write behaviour (we can't do a lot about reading
data since that's easy to do at the controller level, on the client, but pretty hard to construct
rules at the model level on the server)
3. creating 'partial' object entities which are missing some attributes. Sort of hollow, but
only hollow on some attributes.

Has anyone attempted anything similar to the above? (2) should be easy enough, but not sure
about the other requirements.


Aristedes Maniatis
Level 1, 30 Wilson Street Newtown 2042 Australia
phone +61 2 9550 5001   fax +61 2 9550 4001
GPG fingerprint CBFB 84B4 738D 4E87 5E5C  5EFA EF6A 7D2E 3E49 102A

View raw message