John, I'm by no means an expert on this; however, it is my understanding that in a simple situation of you not having access to a field, this lack of access means that you don't even get to know that the field exists, and if you have a single form that contains all objects and controls the display of them, that tells you the entire 'data dictionary' of the form... I think that is one of the things.

-----Original Message-----
From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of John Baker
Sent: Tuesday, January 22, 2013 2:58 PM
To: [email protected]
Subject: [Info] Midtier Preload: 7604 SP4ars

Doug,

You make a good point.

> Because different users have different permissions and access to different
> fields and constructs and workflow.

But that's not something JS can't do for you, given the permissioning has to exist on the server side for security reasons. In fact, I guess it's handled at AR System already?

> Creating one page for all users would be a security violation as users
> could then

No, it wouldn't. The JS travels through corporate proxies/etc. Allowing to render the appropriate display based on user permissions is perfectly acceptable, as long as the server side is protecting the submissions. After all, a user can craft requests to the various Mid Tier servlets with a standard login to Mid Tier, and I'd expect those servlets to ensure the requests were valid. And a pen-tester will go straight to them.

But regardless, if this was a major issue, Mid Tier could perform server-side pre-processing of locally cached JS. This would still be vastly more efficient than the current system of a Mid Tier dragging all of ITSM into memory and bringing the host to a halt, particularly because it's loading AR API representations of instructions that take vastly more memory than loading compiled code.

John

_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

