tapestry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Howard Lewis Ship <hls...@gmail.com>
Subject Re: DataSqueezer question
Date Mon, 04 Oct 2004 11:16:25 GMT
Don't store persistent properties if the user doesn't have access to
the data in the first place!  Be pro-active, don't all the user onto a
page which will store the inaccessible data.


On Sat, 02 Oct 2004 16:19:12 +0200, Markus Wiederkehr
<asdf@fantasymail.de> wrote:
> I'm writing an application that deals with Document objects. I use a
> custom ISqueezeAdaptor implementation to represent a document in an HTML
> page. Squeezing and unsqueezing works fine, so far, so good.
> 
> But now I've run into the following problem: A Document object contains
> sensitive information. Only privileged users should be allowed to obtain
> a Document instance from its squeezed representation. Ownership and user
> rights have to be checked. So the unsqueeze() method of ISqueezeAdaptor
> would need to access the current user which is stored in the Visit
> object. Unfortunately neither the Visit object nor the Engine seems to
> be accessible from within the unsqueeze() method.
> 
> Is there an easy solution to this problem?
> 
> Markus
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-dev-help@jakarta.apache.org
> 
> 



-- 
Howard M. Lewis Ship
Independent J2EE / Open-Source Java Consultant
Creator, Jakarta Tapestry
Creator, Jakarta HiveMind
http://howardlewisship.com

---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-dev-help@jakarta.apache.org


Mime
View raw message