On Apr 28, 2009, at 12:53 AM, Jacques Le Roux wrote:
Also as David pointed out, they should be used only with requests
using https since now they are always secured.
Actually no, I didn't say that, I said: "Along with that, they should
require https or not depending on the other requests they are working
with." You can see that quote below. In general if you re-read what I
wrote I was recommending against having such generic requests and
using some specific to the set of screens being created.
-David
So they are ok for backend (is there any exceptions in backend where
we dont secure URIs ?) but not for eCommerce for instance. We could
have also the pair not secured for these cases, like backHomeS and
backLastS for these one and backHome and backLast for the non
secured pair. Then al this could be set in common-controller. Though
beware, some links are secured in eCommerce too, like checking out
for instance...
My 2 cts
Jacques
From: "Hans Bakker" <mailingl...@antwebsystems.com>
I was wrong that it was not used, (forgot about it, wrote it myself)
it is currently used in the create contact mechanisms in the party
profile and in the mean time i have put it back with security as
jacques
pointed out.
regards,
Hans
On Mon, 2009-04-27 at 19:55 +0200, Malin Nicolas wrote:
Hans Bakker a écrit :
> but do not waste too much time on this, they are not used
anywhere.....
>
I thinks the view-last and view-home is good to manage user screen
process. On many case, we have some user who do a search and operate
some data modification. After operate their modification, they whant
return to the last search result.
Example, you list customer that missing last name, and for each put
missed field. Actualy you need, do the search, select customer,
save tel
number, return to search, do the search.
With view-last we can do :
make the search, select customer, save tel number, select
customer, save
tel number, ...
I try to implement this with view-last but if we call with request
we
have some previous parameters that break the last search, and if
we call
with reques-redirect, we lost security.
If you add security on new uri backLast when can do that.
Nicolas
> On Sat, 2009-04-25 at 19:10 -0600, David E Jones wrote:
>
>> Where do these come from?
>>
>> The "view-home" and "view-last" response types should NEVER be
used
>> generically like this and instead should be specific for the
>> particular request flow they are part of. Along with that, they
should
>> require https or not depending on the other requests they are
working
>> with.
>>
>> -David
>>
>>
>> On Apr 25, 2009, at 12:32 PM, Jacques Le Roux wrote:
>>
>>
>>> Is it normal that the backHome and backLast are not securised ?
>>>
>>> <request-map uri="backHome">
>>> <response name="success" type="view-home"/>
>>> </request-map>
>>> <request-map uri="backLast">
>>> <response name="success" type="view-last"/>
>>> </request-map>
>>>
>>> Jacques
>>>
>>>
--
Antwebsystems.com: Quality OFBiz services for competitive rates
