On Mon, Dec 19, 2011 at 9:31 PM, Supun Malinga <sup...@wso2.com> wrote:

>
>
> On Mon, Dec 19, 2011 at 9:12 PM, Thilina Buddhika <thili...@wso2.com> wrote:
>
>> Hi Folks,
>>
>> At the moment, the two invalid character sets used in UM (for usernames
>> and rolenames) and Registry (for Registry resources) are not synced. But in
>> some of the components, the username is used as part of the registry
>> resources. Due to this, there are so many Carbon Jiras created for
>> broken functionality when there are characters in the usernames/rolenames
>> which are considered invalid for registry resource names. When I reviewed
>> Jiras created for Identity and Security components, I found nearly 10-15
>> Jiras created for similar cases. I think it is the case for other
>> components as well.
>>
>> So I suggest we should consider the same set of characters as invalid for
>> both UM and Registry.
>>
>
> +1
> How about introducing a JS function into the core UI bundle that can filter
> and identify the invalid characters? I also faced this kind of issue where
> SQL injection was possible when I hadn't controlled the role-names allowed
> into the server-roles component. So I ended up adding my own JS function to
> filter these. If it is available from the core UI utils itself it would be much
> easier to define a common rule-set for allowing characters for property
> names from the UI, etc.
>

This also needs to be checked at both the UI level and the
service level, and the UI should ideally ask the BE for the validation rule
and then validate, and the BE should also validate independently.

Thanks & regards,
-Prabath


>
> thanks,
>
>
>> Thanks,
>> Thilina
>>
>>
>> --
>> Thilina Buddhika
>> Associate Technical Lead
>> WSO2 Inc. ; http://wso2.com
>> lean . enterprise . middleware
>>
>> phone : +94 77 44 88 727
>> blog : http://blog.thilinamb.com
>>
>> _______________________________________________
>> Carbon-dev mailing list
>> Carbon-dev@wso2.org
>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>
>>
>
>
> --
> Supun Malinga,
>
> Software Engineer,
> WSO2 Inc.
> http://wso2.com
> http://wso2.org
> email - sup...@wso2.com <sup...@wso2.com>
> mobile - 071 56 91 321
>
>
>
>


-- 
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
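
The arrangement discussed in this thread (one rule published by the back end, checked in the UI and again at the service level), sketched as an added example that is not part of the original messages and is not WSO2 Carbon code. All function names are hypothetical, the invalid-character set and length limit are constructed placeholders rather than the sets UM or Registry use, and the back end is modelled in JavaScript only so the sketch runs as one file.

```javascript
// Added illustration; not WSO2 Carbon code. All names are hypothetical.
// Assumed rule: this character set and limit are constructed placeholders,
// not the sets Carbon's UM or Registry actually use.
const NAME_RULE = Object.freeze({
  invalidChars: "~!@#;%^*()+={}|\\<>\"',/",
  maxLength: 64,
});

// Back end: serialises the rule so the UI can fetch it instead of
// keeping its own copy that can drift out of sync.
function getValidationRule() {
  return JSON.stringify(NAME_RULE);
}

// Shared check: returns a list of problems (empty list means acceptable).
function checkName(name, rule) {
  if (typeof name !== "string" || name.length === 0) {
    return ["name is empty"];
  }
  const problems = [];
  if (name.length > rule.maxLength) problems.push("name too long");
  // Collect each offending character once; control characters are rejected too.
  const bad = [...new Set(
    [...name].filter((c) => rule.invalidChars.includes(c) || c < " ")
  )];
  if (bad.length) problems.push("invalid characters: " + bad.join(" "));
  return problems;
}

// UI side: validates with the rule obtained from the back end.
function uiValidate(name, ruleJson) {
  return checkName(name, JSON.parse(ruleJson));
}

// Service side: does not assume the UI check ran; re-checks with its own
// copy of the rule before the name becomes a user, role or resource name.
function backendAddRole(name, store) {
  const problems = checkName(name, NAME_RULE);
  if (problems.length) return { ok: false, problems };
  store.add(name);
  return { ok: true, problems: [] };
}
```

Names that pass the check should still reach SQL through bound parameters; the shared rule is what keeps user, role and registry resource naming consistent across components.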
