+1 for adding methods for system registry operations in Repository API, rather than allowing clients to get the systemregistry and do the operation through that. This is secure and would be clean in terms of repository operations.
Shazni Nazeer Senior Software Engineer Mob : +94 715 440 607 LinkedIn : http://lk.linkedin.com/in/shazninazeer Blog : http://shazninazeer.blogspot.com On Mon, Jan 6, 2014 at 11:54 AM, Ajith Vitharana <[email protected]> wrote: > > > > On Mon, Jan 6, 2014 at 10:28 AM, Eranda Sooriyabandara <[email protected]>wrote: > >> Hi all, >> Now we exposed the all types of registries (will be Repository in future) >> to the outside registry kernel (Carbon kernel) via RegistryService. >> Here are the types of registries we have. >> systemRegistry >> configSystemRegistry >> governanceSystemRegistry >> userRegistry >> configUserRegistry >> governanceUserRegistry >> >> But if we take a close look we should be only exposing >> configUserRegistry, governanceUserRegistry which actually should be use in >> the platform level components. Other than that if we need to save something >> to local registry or as systemRegistry we should specifically give methods >> for them. For example if we want to retrieve last indexed time of a server >> we need to have a separate method. >> > > +1 > >> >> There are several advantages over this modification. >> 1. No one allowed to modify local registry + we may not need to show that >> in the resource browser. >> 2. There can be security issues when we expose system registries over an >> API >> 3. We have used systemRegistries all over our components for some >> operations which is incorrect because its overriding the authorization >> model + people won't find the correct logs. >> 4. People can use the system registry in their custom handlers which we >> should not allowed >> > > The problems comes when the users don't know about the different between > of each registry instances and their usage. Therefore we should restrict > (re-factor) to expose the *systemRegistry via the registry API. > > >> >> WDYT? >> >> thanks >> Eranda >> >> >> -- >> >> *Eranda Sooriyabandara *Senior Software Engineer; >> Integration Technologies Team; >> WSO2 Inc.; http://wso2.com >> Lean . Enterprise . Middleware >> >> E-mail: eranda AT wso2.com >> Mobile: +94 716 472 816 >> Linked-In: http://www.linkedin.com/in/erandasooriyabandara >> Blog: http://emsooriyabandara.blogspot.com/ >> >> >> >> >> > > > -- > Ajith Vitharana. > WSO2 Inc. - http://wso2.org > Email : [email protected] > Mobile : +94772217350 > > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > >
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
