[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-975) constraint by inclusion on remote calls object fields

Marcus Adair (JIRA) jira-events at lists.jboss.org
Tue Jan 8 09:21:43 EST 2008 

    [ http://jira.jboss.com/jira/browse/JBSEAM-975?page=comments#action_12394147 ] 
            
Marcus Adair commented on JBSEAM-975:
-------------------------------------

I was just going to create a ticket with the same request when I discovered it already here. I just want to put 2 cents in that this is actually a pretty big deal. Our group just realized the risk yesterday and how easily extremely sensitive information could be accidentally released into the wild.

I don't mean to sound overboard on the issue, but we are right now having to find ways to reduce the risk of accidental release of private data.

So my vote is for this to raise in priority as near to blocker as it can get.

> constraint by inclusion on remote calls object fields
> -----------------------------------------------------
>
>                 Key: JBSEAM-975
>                 URL: http://jira.jboss.com/jira/browse/JBSEAM-975
>             Project: JBoss Seam
>          Issue Type: Feature Request
>          Components: Remoting
>            Reporter: Zalder R
>         Assigned To: Shane Bryzak
>            Priority: Optional
>
> I think it could be nice to define the fields of the objects returned in a "WebRemote call" with an "include" parameter (instead of the current exclude parameter).
> For instance : 
> now you have : 
> @WebRemote(exclude = {"secret"})
> it would be nice to be able to define :
> @WebRemote(include = {"fieldIreallyNeed1", "fieldIreallyNeed2"})
> The reasons for this are many :
> - security : if the object structure varies over time, you would not want the new fields to be available on the client side by default
> - in some cases it's a lot more lightweight (both in the code and in the volume of data sent) to define a minimum set of fields you want instead of the fields you don't want

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the seam-issues mailing list