[security-dev] Securing TicketMonster with PicketBox Core
Anil.Saldhana at redhat.com
Fri Jul 27 12:25:50 EDT 2012
On 07/27/2012 11:20 AM, Marius Bogoevici wrote:
> Hi Anil,
> This looks like a great start. I see that there are quite a few TODO items on the list.
> Any timeline on them?
We are working on a lot of things with PicketBox. So we will tackle
these TODOs one by one with very short implementation cycles. If you are
able to prioritize the todos, it will be helpful.
> Here's thought. I think AJAX security can be split into either:
> a) REST endpoint security (which goes back to securing the REST endpoint classes)
PicketBox core will have implementations of JSON Security. I am unsure
DS is planning on that. IMO all REST based interactions are either atom
or JSON. What I have seen is json is used in almost all the use cases.
> b) URL security
> Now for the former, I think we should use the DeltaSpike @Secured facilities (I don't know exactly in what state they are right now, as existing stuff is interspersed with roadmap stuff in my head right now).
> On 2012-07-27, at 11:29 AM, Anil Saldhana <Anil.Saldhana at redhat.com> wrote:
>> We can discuss about it here.
More information about the security-dev