Re: WO JavaClient apps security
Re: WO JavaClient apps security
- Subject: Re: WO JavaClient apps security
- From: Ryan Poling <email@hidden>
- Date: Thu, 17 Mar 2005 08:32:28 -0800
On Mar 9, 2005, at 8:17 PM, Andrus Adamchik wrote:
Hi folks,
I was wondering if there are any daring souls on this list who created
WO JavaClient apps for public use beyond the corporate intranet?
I am not very optimistic on the whole idea, but still wanted to check.
I am aware of various security techniques that can be applied (SSL,
partitioning business logic, and so on), but nothing seems to fully
address one fundamental limitation - unauthorized elevating of
database privileges by a "trusted" user. A client app can be
decompiled, sticking an arbitrary fetch spec and suddenly a user
becomes a superuser...
How many people use Java Client anyways ... ?
Not too many - we're using it though and it's working (mostly) for us.
The main problem with Java Client is that it's not very well supported,
and the translation from the Cocoa interface which Interface Builder
lets you design to a Java Swing interface is not complete. Some
widgets are translated, some aren't, and the list of what *is* and
isn't translated is very brief and incomplete. So a lot of trial and
error is required to figure out how to do things.
Still - it *does* work...
-Ryan
Cheers,
Andrus
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden