[jboss-user] [JBoss Seam] - Re: Glaring Security Hole?
bfagan
do-not-reply at jboss.com
Tue Sep 19 09:56:25 EDT 2006
I don't think it's any more of a hassle than creating a @Remote or @WebService interface. In fact we're talking about just one tag, @WebRemote, in a class.
It would also be easier for developers who are new to Seam Remoting to follow if it is consistent. "I have to use @WebRemote on sessions, but @NoWebRemote on entities? Why'd they do that?"
If you're worried about existing developers or eliminating the speed-bump, you can always create a property in a config file somewhere that would enable/disable entity model remoting restrictions.
From a security standpoint, I think it's much better to err on the side of security, i.e. you have to specifically enable which entity models you want exposed.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3972579#3972579