RE: WO JavaClient apps security
RE: WO JavaClient apps security
- Subject: RE: WO JavaClient apps security
- From: "Andrus Adamchik" <email@hidden>
- Date: Thu, 10 Mar 2005 10:20:16 -0500 (EST)
- Importance: Normal
Thanks everybody for the replies (including those sent to me off the list)!!
So looks like most of the complaints are about Swing part of it (no
surprise here, Swing sucks)... Nobody said anything about security
concerns, so I assume no one deployed it on a public site. No surprise
here either.
Part of my interest was that I am researching adding similar functionality
to Cayenne. And I don't want to make the mistakes that WO made. I guess my
conclusion is that while having a full ORM support within Java rich client
in a three tier system is nice, this is really a small niche and only a
few people use it. It is much more interesting to extend this mechanism to
be accessible by any non-Java apps. In today's world this of course means
web services. Oh well, hopefully I'll design something that serves both
Java and non-Java interfaces.
Cheers,
Andrus
> Hi!
>
> I am using WO JavaClient with WebObjects 5.2.3. I have no problems with
> runtime stability.
>
> Things to consider:
>
> 1. Performance, both download time and runtime performance
> 2. Complexity of the technology
> 3. => Learning cure
> 4. => Documentation can't possibly cover it all
> 5. => May produce very obscure error messages or symptoms depending on
> where and when things go wrong 5. ==> Hard to debug
>
> That said if you need that kind of complex and dynamic application the
> technology has impressive power. Despite using crappy Swing it has an
> huge edge over home brewed Swing applications.
>
> I don't use XCode. I got a fine setup with Eclipse/WOLips on Windows.
> The Windows version of InterfaceBuilder is buggy as hell though.
>
> Pierre
>
> -----Original Message-----
> From: webobjects-dev-bounces+pierre.bernard=email@hidden
> [mailto:webobjects-dev-bounces+pierre.bernard=email@hidden]On
> Behalf Of email@hidden
> Sent: Thursday, March 10, 2005 10:53 AM
> To: WebObjectsDev (Apple); Andrus Adamchik
> Subject: Re: WO JavaClient apps security
>
>
> hello Andrus,
>
> ----- Original Message -----
> From: "Andrus Adamchik" <email@hidden>
> To: "WebObjectsDev (Apple)" <email@hidden>
> Sent: Thursday, March 10, 2005 5:17 AM
> Subject: WO JavaClient apps security
>
>
>> Hi folks,
>>
>> I was wondering if there are any daring souls on this list who created
>> WO JavaClient apps for public use beyond the corporate intranet?
> No, its not a good idea, even Apple doesnt suggest that.
>
>>
>> I am not very optimistic on the whole idea, but still wanted to check.
>> I am aware of various security techniques that can be applied (SSL,
>> partitioning business logic, and so on),
> you are right, and its not safe.
>
>
>>but nothing seems to fully
>> address one fundamental limitation - unauthorized elevating of
>> database privileges by a "trusted" user. A client app can be
>> decompiled,
>> sticking an arbitrary fetch spec and suddenly a user becomes a
>> superuser...
>>
>> How many people use Java Client anyways ... ?
> not much. i asked around for couple of days weather JavaClient is good.
> the result in general not only for online use :
> 1. dont used it cos its too much buggey.
> 2. use it ONLY if you have no other choise.
> 3. u must have XCode.
>
> tell me weather you learnt something more, i am interested in the scope
> too.
>
> peaSe,
> Sako.
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden