Re: Overriding pageWithName
Re: Overriding pageWithName
- Subject: Re: Overriding pageWithName
- From: Arturo PĂ©rez <email@hidden>
- Date: Tue, 20 Jan 2004 19:34:36 -0500
On Jan 20, 2004, at 7:01 PM, Jonathan Rochkind wrote:
At 6:00 PM -0500 1/20/04, arturo wrote:
I just reread David Neumann's WebObject and Security pdf from WWDC
2000.
His advice (override WOComponent.appendToResponse and
WODirectAction.performActionNamed()) don't seem secure enough to me.
That
is, using his method, in order to remove the security from a secure
WOComponent you just need to re-override appendToResponse.
Um, right, because his security is meant to be security against the
_user_, not against other developers. A user can't "re-override"
anything, the user doesn't have access to the source code (in a web
application, anyway).
Well, I've worked with developers who would strip that sort of thing
out. Or look at the code
and not call the methods they were supposed to call because "we didn't
like what it did."
But all I'm really concerned about is providing a framework with
subclassable classes whose security
can't be broken by overriding the secure methods.
--arturo
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.