So what do you do in the case of Direct links?

Joel

-----Original Message-----
From: Michael Gentry (Yes, I'm a Contractor) [mailto:[EMAIL PROTECTED]
Sent: Friday, July 08, 2005 8:13 AM
To: Tapestry users
Subject: Re: Tapestry, Cayenne and Squeezer

Maybe I'm paranoid, but for any application of consequence (where money or personal information is involved), I don't like giving the user any information they can mutate and send back to me and possibly gain access to information they shouldn't have access to. And any OS X user who has OmniWeb can easily edit the source, change any hidden INPUTs, and then redisplay the page and send it back to you. Of course, changing the value of the hidden INPUTs to something that is still meaningful could be challenging, but we are talking about someone motivated to hack the system to gain inappropriate access.

I'll keep my DataContext/DataObjects in the Visit where it is safe from them.

/dev/mrg

> From: Todd O'Bryan <[EMAIL PROTECTED]>
> Reply-To: Tapestry users <[email protected]>
> Date: Fri, 8 Jul 2005 08:49:35 -0400
> To: Tapestry users <[email protected]>
> Subject: Re: Tapestry, Cayenne and Squeezer
>
> On Jul 8, 2005, at 8:38 AM, t.n.a. wrote:
>
>> Todd O'Bryan wrote:
>>
>>> How did you handle passing CayenneDataObjects around the Tapestry
>>> application? The squeezer just lets you use them normally, handling
>>> serialization and deserialization behind the scenes. Before I started
>>> using it, I had to pass around ObjectIds and such to prevent my data
>>> objects from thinking they were in different DataContexts and
>>> generally being a pain.
>>
>> I stored the DataContext as well as most of what I needed in the
>> Visit.
>> Each user has his own visit object, each visit contains individual
>> DataObjects and everything seems to work just fine.
>> What am I missing?
>
> I generally try to avoid putting things in the Visit and instead
> store them as parameters or hidden fields in the pages. It may simply
> be a misguided attempt to save memory that I'm never going to need,
> but enough people have touted the holy grail of statelessness that I
> guess I've bought the hype.
>
> Todd

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
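
Added example, not part of the thread and not Tapestry or Cayenne code: one way to keep an identifier in a hidden field (or a link parameter) and still detect the edit Michael describes, by attaching an HMAC that is bound to the user's session. The class name, secret, session ids and record id are assumptions constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class SignedHiddenField {
    private final SecretKeySpec key;

    public SignedHiddenField(byte[] serverSecret) {
        this.key = new SecretKeySpec(serverSecret, "HmacSHA256");
    }

    private byte[] mac(String sessionId, String value) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(key);
        // Length-prefix the session id so different (session, value) pairs cannot collide.
        m.update((sessionId.length() + ":" + sessionId + value).getBytes(StandardCharsets.UTF_8));
        return m.doFinal();
    }

    /** Text to place in the hidden INPUT: "<value>.<base64url tag>". */
    public String seal(String sessionId, String value) throws Exception {
        return value + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(mac(sessionId, value));
    }

    /** Returns the original value, or null if the field was edited or came from another session. */
    public String open(String sessionId, String field) throws Exception {
        int dot = field.lastIndexOf('.');   // '.' never occurs in base64url, so this finds the tag
        if (dot < 0) return null;
        String value = field.substring(0, dot);
        byte[] tag;
        try {
            tag = Base64.getUrlDecoder().decode(field.substring(dot + 1));
        } catch (IllegalArgumentException e) {
            return null;                    // tag is not valid base64url
        }
        // Constant-time comparison of the submitted tag with the recomputed one.
        return MessageDigest.isEqual(tag, mac(sessionId, value)) ? value : null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: the secret, session ids and record id are made up.
        SignedHiddenField f = new SignedHiddenField("demo-secret-change-me".getBytes(StandardCharsets.UTF_8));
        String field = f.seal("session-A", "Invoice:1001");
        System.out.println(f.open("session-A", field));                         // untouched field
        System.out.println(f.open("session-A", field.replace("1001", "1002"))); // edited in the browser
        System.out.println(f.open("session-B", field));                         // replayed by another session
    }
}
```

A valid tag only shows that the server issued that value to that session; the value itself is still readable by the user, and the handler still has to check that the user may access the record it names.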
