Hi all,

+1. I thought we had it in some form, and it seems that I was wrong. All
invalid characters of G-Reg should be invalid for UM, and UM can have
additional invalid characters if needed. Both the registry BE and FE have
validations, and maybe we can reuse some logic in UM.

Thanks,
Senaka.

On Mon, Dec 19, 2011 at 10:06 PM, Prabath Siriwardena <[email protected]> wrote:

>
>
> On Mon, Dec 19, 2011 at 9:31 PM, Supun Malinga <[email protected]> wrote:
>
>>
>>
>> On Mon, Dec 19, 2011 at 9:12 PM, Thilina Buddhika <[email protected]> wrote:
>>
>>> Hi Folks,
>>>
>>> At the moment, the two invalid character sets used in UM (for usernames
>>> and rolenames) and Registry (for Registry resources) are not synced. But in
>>> some of the components, the username is used as part of the registry
>>> resources. Due to this, there are so many Carbon Jiras created for
>>> broken functionality when there are characters in the usernames/rolenames
>>> which are considered invalid for registry resource names. When I reviewed
>>> Jiras created for Identity and Security components, I found nearly 10-15
>>> Jiras created for similar cases. I think it is the case for other
>>> components as well.
>>>
>>> So I suggest we should consider the same set of characters as invalid
>>> for both UM and Registry.
>>>
>>
>> +1
>> How about introducing a JS function into the core UI bundle that can filter
>> and identify the invalid characters? I also faced this kind of issue where
>> SQL injection was possible when I hadn't controlled the role-names allowed
>> into the server-roles component. So I ended up adding my own JS function to
>> filter these. If it is available from core UI utils itself it would be much
>> easier to define a common rule-set for allowing characters for property
>> names from the UI, etc.
>>
>
> This also needs to be checked both at the UI level as well as at the
> service level, and the UI should ideally ask the validation rule from the BE
> and then validate, and the BE should also validate independently.
>
> Thanks & regards,
> -Prabath
>
>
>>
>> thanks,
>>
>>
>>> Thanks,
>>> Thilina
>>>
>>>
>>> --
>>> Thilina Buddhika
>>> Associate Technical Lead
>>> WSO2 Inc. ; http://wso2.com
>>> lean . enterprise . middleware
>>>
>>> phone : +94 77 44 88 727
>>> blog : http://blog.thilinamb.com
>>>
>>> _______________________________________________
>>> Carbon-dev mailing list
>>> [email protected]
>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>
>>>
>>
>>
>> --
>> Supun Malinga,
>>
>> Software Engineer,
>> WSO2 Inc.
>> http://wso2.com
>> http://wso2.org
>> email - [email protected] <[email protected]>
>> mobile - 071 56 91 321
>>
>>
>
>
> --
> Thanks & Regards,
> Prabath
>
> http://blog.facilelogin.com
> http://RampartFAQ.com
>


-- 
*Senaka Fernando*
Product Manager - WSO2 Governance Registry;
Associate Technical Lead; WSO2 Inc.; http://wso2.com
Member; Apache Software Foundation; http://apache.org

E-mail: senaka AT wso2.com
P: +1 408 754 7388; ext: 51736; M: +94 77 322 1818
Linked-In: http://linkedin.com/in/senakafernando

Lean . Enterprise . Middleware
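
The design proposed in this thread (the Registry set as the base, the UM set as a superset of it, the UI fetching the rule from the back end, and the back end validating independently), sketched as an added JavaScript example that is not code from the thread or from WSO2 Carbon. The character sets and every function name are constructed placeholders, since the thread does not list the real invalid characters.

```javascript
// Constructed placeholder sets; the thread does not list the real characters.
const REGISTRY_INVALID = [...'~!@#;%^*()+={}|\\<>"\','];
const UM_EXTRA_INVALID = ['/', ' ']; // hypothetical UM-only additions

// Build a rule as the union of its sets, so UM can only ever add characters.
function buildRule(name, ...charSets) {
  return Object.freeze({ name, invalid: [...new Set(charSets.flat())] });
}
const registryRule = buildRule('registry-resource', REGISTRY_INVALID);
const umRule = buildRule('um-name', REGISTRY_INVALID, UM_EXTRA_INVALID);

// Invariant proposed in the thread: registry-invalid implies UM-invalid.
function isSuperset(um, registry) {
  return registry.invalid.every((ch) => um.invalid.includes(ch));
}

// Back end: authoritative check, run on every request whatever the UI did.
function validateOnBackend(rule, value) {
  if (typeof value !== 'string' || value.length === 0) {
    return { ok: false, bad: [] };
  }
  const hits = [...value].filter((ch) => rule.invalid.includes(ch));
  const bad = [...new Set(hits)];
  return { ok: bad.length === 0, bad };
}

// What the back end hands to the UI: plain JSON data, not code or a regex.
function exportRule(rule) {
  return JSON.stringify(rule);
}

// UI: build a validator from the rule fetched from the back end.
function makeUiValidator(ruleJson) {
  const invalid = new Set(JSON.parse(ruleJson).invalid);
  return (value) =>
    value.length > 0 && ![...value].some((ch) => invalid.has(ch));
}

// Constructed sample names: the UI verdict and the back-end verdict agree.
const uiCheck = makeUiValidator(exportRule(umRule));
for (const name of ['carol', 'alice;1', 'bob/admin']) {
  console.log(name, uiCheck(name), validateOnBackend(umRule, name).ok);
}
```

Because the UM rule is built as a union over the Registry set, any name UM accepts is also a valid Registry resource name. Character filtering does not replace parameterized queries where role names reach SQL.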
