RE: Securing Tapestry Applications

2006-07-27 Thread Payne, Matthew
obert Zeigler [mailto:[EMAIL PROTECTED] Sent: Monday, July 10, 2006 10:32 AM To: Tapestry users Subject: Re: Securing Tapestry Applications Hi Jim, good comments generally. The only comment I have at the moment is for #1, tapestry provides a specific listener, which is pageValidateLis

RE: Securing Tapestry Applications

2006-07-10 Thread James Carman
ly 10, 2006 8:31 PM To: Tapestry users Subject: Re: Securing Tapestry Applications James, great work, I just checked the tapestry-acegi, really a good addition to us, thanks again :) On 7/10/06, James Carman <[EMAIL PROTECTED]> wrote: > You can use tapestry-acegi for #1 and #2 right now. All

Re: Securing Tapestry Applications

2006-07-10 Thread Vinicius Carvalho
e Acegi's domain security to do what you want (as was mentioned by others). -Original Message- From: Jim Steinberger [mailto:[EMAIL PROTECTED] Sent: Monday, July 10, 2006 6:01 AM To: Tapestry users Subject: Securing Tapestry Applications Hey all, I'm listing just a few se

RE: Securing Tapestry Applications

2006-07-10 Thread James Carman
] Sent: Monday, July 10, 2006 6:01 AM To: Tapestry users Subject: Securing Tapestry Applications Hey all, I'm listing just a few security issues and possible solutions below. For the benefit of all, by all means challenge my assumptions, and add your own problems. But please at least c

Re: Securing Tapestry Applications

2006-07-10 Thread Andreas Bulling
| Problem 3: Protecting the application from logged-in users who are | spoofing form parameters | | [...] | | However, we don't want to violate the DRY principle: if there are | multiple places where a given Entity can be selected for editing, we | would have to add this check in each place. T

Re: Securing Tapestry Applications

2006-07-10 Thread Julio C. Rivera
roblems 1 and 2, but I also explored why I believe it would not be adequate for Problem 3. Jim -Original Message- From: Ben Wong [mailto:[EMAIL PROTECTED] Sent: Monday, July 10, 2006 9:49 AM To: 'Tapestry users'; 'Tapestry users' Subject: RE: Securing Tapestry Applicati

Re: Securing Tapestry Applications

2006-07-10 Thread Robert Zeigler
Hi Jim, good comments generally. The only comment I have at the moment is for #1, tapestry provides a specific listener, which is pageValidateListener. It's called earlier than pageRenderListener. If you're going to go the custom superclass route, implement PageValidateListener for the authenticat

RE: Securing Tapestry Applications

2006-07-10 Thread Jim Steinberger
users'; 'Tapestry users' Subject: RE: Securing Tapestry Applications Correct me if I am wrong, but doesn't Acegi solve most, if not all, of these problems? http://acegisecurity.org/ Ben > -Original Message- > From: Jim Steinberger [mailto:[EMAIL PROTECTED] > S

RE: Securing Tapestry Applications

2006-07-10 Thread Ben Wong
Correct me if I am wrong, but doesn't Acegi solve most, if not all, of these problems? http://acegisecurity.org/ Ben > -Original Message- > From: Jim Steinberger [mailto:[EMAIL PROTECTED] > Sent: Monday, July 10, 2006 5:01 AM > To: Tapestry users > Subjec

Securing Tapestry Applications

2006-07-10 Thread Jim Steinberger
Hey all, I'm listing just a few security issues and possible solutions below. For the benefit of all, by all means challenge my assumptions, and add your own problems. But please at least consider my Problem 3 listed below, as I'm very curious as to whether someone's found a better elegant sol