We have a ROP Cayenne application we'd like to lock down a bit more tightly. In particular, in a situation where we don't trust the client application hasn't been hacked, we'd like to restrict certain activity from the client. I'm thinking of:
1. preventing SQLTemplate/EJBQL queries completely 2. adding entity listeners to catch certain write behaviour (we can't do a lot about reading data since that's easy to do at the controller level, on the client, but pretty hard to construct rules at the model level on the server) 3. creating 'partial' object entities which are missing some attributes. Sort of hollow, but only hollow on some attributes. Has anyone attempted anything similar to the above? (2) should be easy enough, but not sure about the other requirements. Cheers Ari -- --------------------------> Aristedes Maniatis ish http://www.ish.com.au Level 1, 30 Wilson Street Newtown 2042 Australia phone +61 2 9550 5001 fax +61 2 9550 4001 GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A
