[jboss-user] [JBoss Seam] - Re: Glaring Security Hole?
sbryzak2
do-not-reply at jboss.com
Mon Sep 18 21:24:54 EDT 2006
I wouldn't go as far as to constrain all entities by default, it would add another "speedbump" that a developer would need to be aware of when implementing remoting in their app. Section 7.9 in the remoting chapter of the documentation describes how object graphs returned by invoking a session bean can be constrained to exclude sensitive or unnecessary objects. I've got no problem implementing a similar exclusion for entity classes. Maybe @NonRemotable, or even @NoWebRemote would be a good annotation for this use case.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3972452#3972452
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3972452
More information about the jboss-user
mailing list