[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-975) constraint by inclusion on remote calls object fields
[ http://jira.jboss.com/jira/browse/JBSEAM-975?page=comments#action_12394147 ]
Marcus Adair commented on JBSEAM-975:
-------------------------------------
I was just going to create a ticket with the same request when I discovered it already
here. I just want to put 2 cents in that this is actually a pretty big deal. Our group
just realized the risk yesterday and how easily extremely sensitive information could be
accidentally released into the wild.
I don't mean to sound overboard on the issue, but we are right now having to find ways
to reduce the risk of accidental release of private data.
So my vote is for this to raise in priority as near to blocker as it can get.
constraint by inclusion on remote calls object fields
-----------------------------------------------------
Key: JBSEAM-975
URL: http://jira.jboss.com/jira/browse/JBSEAM-975
Project: JBoss Seam
Issue Type: Feature Request
Components: Remoting
Reporter: Zalder R
Assigned To: Shane Bryzak
Priority: Optional
I think it could be nice to define the fields of the objects returned in a
"WebRemote call" with an "include" parameter (instead of the current
exclude parameter).
For instance :
now you have :
@WebRemote(exclude = {"secret"})
it would be nice to be able to define :
@WebRemote(include = {"fieldIreallyNeed1", "fieldIreallyNeed2"})
The reasons for this are many :
- security : if the object structure varies over time, you would not want the new fields
to be available on the client side by default
- in some cases it's a lot more lightweight (both in the code and in the volume of
data sent) to define a minimum set of fields you want instead of the fields you don't
want
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira