On Mon, Dec 19, 2011 at 9:12 PM, Thilina Buddhika <[email protected]> wrote:
> Hi Folks,
>
> At the moment, the two invalid character sets used in UM (for usernames and
> rolenames) and Registry (for Registry resources) are not synced. But in
> some of the components, the username is used as part of the registry
> resources. Due to this, there are so many Carbon JIRAs created for
> broken functionality when there are characters in the usernames/rolenames
> which are considered invalid for registry resource names. When I reviewed
> JIRAs created for Identity and Security components, I found nearly 10-15
> JIRAs created for similar cases. I think it is the case for other
> components as well.
>
> So I suggest we should consider the same set of characters as invalid for
> both UM and Registry.
>

+1

How about introducing a JS function into the core UI bundle that can filter and identify the invalid characters? I also faced this kind of issue, where SQL injection was possible when I hadn't controlled the role names allowed into the server-roles component. So I ended up adding my own JS function to filter these. If it is available from the core UI utils itself, it would be much easier to define a common rule-set for allowing characters for property names from the UI, etc.

thanks,

> Thanks,
> Thilina
>
>
> --
> Thilina Buddhika
> Associate Technical Lead
> WSO2 Inc. ; http://wso2.com
> lean . enterprise . middleware
>
> phone : +94 77 44 88 727
> blog : http://blog.thilinamb.com
>
> _______________________________________________
> Carbon-dev mailing list
> [email protected]
> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>

--
Supun Malinga,

Software Engineer,
WSO2 Inc.
http://wso2.com
http://wso2.org
email - [email protected] <[email protected]>
mobile - 071 56 91 321
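One way to write the shared filter proposed in the reply above, added here as an example; it is not code from the thread or from WSO2 Carbon. The invalid-character set, the length limit and the names `NAME_RULES`, `findInvalidChars` and `validateName` are assumptions made for illustration.

```javascript
// Added example: a single rule set applied to user names, role names and
// registry resource names, so the UM and Registry checks cannot drift apart.
// The character set and length limit are constructed for illustration; they
// are not the sets used by Carbon UM or Registry.
const NAME_RULES = Object.freeze({
  maxLength: 64,                              // assumed limit
  invalidChars: "~!@#;%^*()+={}|\\<>\"',/",  // assumed set
});

// Returns the distinct offending characters in `name`, in order of first
// appearance. Control characters are always treated as invalid.
function findInvalidChars(name, rules = NAME_RULES) {
  const bad = [];
  // NFKC folds compatibility forms (e.g. fullwidth '<', U+FF1C) to their
  // ASCII equivalents, so look-alikes cannot slip past the list.
  for (const ch of String(name).normalize("NFKC")) {
    const cp = ch.codePointAt(0);
    const isControl = cp < 0x20 || (cp >= 0x7f && cp <= 0x9f);
    if ((isControl || rules.invalidChars.includes(ch)) && !bad.includes(ch)) {
      bad.push(ch);
    }
  }
  return bad;
}

// Full check for one name: emptiness, length and character set.
// `invalid` lets the UI tell the user exactly which characters to remove.
function validateName(name, rules = NAME_RULES) {
  const normalized = String(name).normalize("NFKC");
  const invalid = findInvalidChars(normalized, rules);
  const errors = [];
  if (normalized.length === 0) errors.push("empty");
  if (normalized.length > rules.maxLength) errors.push("too long");
  if (invalid.length > 0) errors.push("invalid characters");
  return { ok: errors.length === 0, invalid, errors };
}
```

A UI-side check like this keeps the two rule sets aligned and gives early feedback; the server-side query that stores the role name still has to bind the value as a parameter.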
