On Mon, Dec 19, 2011 at 11:54 PM, Senaka Fernando <sen...@wso2.com> wrote:
> Hi all,
>
> +1. I thought we had it in some form, and it seems that I was wrong. All
> invalid characters of G-Reg should be invalid for UM, and UM can have
> additional invalid characters if needed. Both the registry BE and FE have
> validations, and maybe we can reuse some logic in UM.
>

UM also has both FE and BE validations. The only problem is the invalid
character set is not synced up with that of the registry.

Thanks,
Thilina

>
> Thanks,
> Senaka.
>
> On Mon, Dec 19, 2011 at 10:06 PM, Prabath Siriwardena <prab...@wso2.com> wrote:
>
>> On Mon, Dec 19, 2011 at 9:31 PM, Supun Malinga <sup...@wso2.com> wrote:
>>
>>> On Mon, Dec 19, 2011 at 9:12 PM, Thilina Buddhika <thili...@wso2.com> wrote:
>>>
>>>> Hi Folks,
>>>>
>>>> At the moment, the two invalid character sets used in UM (for usernames
>>>> and rolenames) and Registry (for Registry resources) are not synced. But in
>>>> some of the components, username is used as part of the registry
>>>> resources. Due to this, there are so many Carbon Jiras created for
>>>> broken functionality when there are characters in the usernames/rolenames
>>>> which are considered invalid for registry resource names. When I reviewed
>>>> Jiras created for Identity and Security components, I found nearly 10-15
>>>> Jiras created for similar cases. I think it is the case for other
>>>> components as well.
>>>>
>>>> So I suggest we should consider the same set of characters as invalid
>>>> for both UM and Registry.
>>>>
>>>
>>> +1
>>> How about introducing a JS function into core ui bundle that can filter
>>> and identify the invalid characters. I also faced this kind of issue where
>>> SQL injection was possible when I hadn't controlled the role-names allowed
>>> into server-roles component. So I ended up adding my own JS function to
>>> filter these. If it is available from core ui utils itself it would be much
>>> easier to define a common rule-set for allowing characters for property
>>> names from the ui, etc.
>>>
>>
>> This also needs to be checked both at the UI level as well as at the
>> service level - and UI should ideally ask the validation rule from the BE
>> and then validate... and BE should also validate independently...
>>
>> Thanks & regards,
>> -Prabath
>>
>>>
>>> thanks,
>>>
>>>> Thanks,
>>>> Thilina
>>>>
>>>> --
>>>> Thilina Buddhika
>>>> Associate Technical Lead
>>>> WSO2 Inc. ; http://wso2.com
>>>> lean . enterprise . middleware
>>>>
>>>> phone : +94 77 44 88 727
>>>> blog : http://blog.thilinamb.com
>>>>
>>>
>>> --
>>> Supun Malinga,
>>>
>>> Software Engineer,
>>> WSO2 Inc.
>>> http://wso2.com
>>> http://wso2.org
>>> email - sup...@wso2.com <sup...@wso2.com>
>>> mobile - 071 56 91 321
>>>
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> http://blog.facilelogin.com
>> http://RampartFAQ.com
>>
>
> --
> Senaka Fernando
> Product Manager - WSO2 Governance Registry;
> Associate Technical Lead; WSO2 Inc.; http://wso2.com
> Member; Apache Software Foundation; http://apache.org
>
> E-mail: senaka AT wso2.com
> P: +1 408 754 7388; ext: 51736; M: +94 77 322 1818
> Linked-In: http://linkedin.com/in/senakafernando
>
> Lean . Enterprise . Middleware
>

--
Thilina Buddhika
Associate Technical Lead
WSO2 Inc. ; http://wso2.com
lean . enterprise . middleware

phone : +94 77 44 88 727
blog : http://blog.thilinamb.com
_______________________________________________
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
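
A sketch of the arrangement discussed in this thread, added here as an example and not taken from the Carbon code base: the rules are defined once on the back end, the UM rule is derived from the registry rule so it can only add characters, the UI validates with the rule it fetched, and the service validates again on its own. The character sets, the rule names, `getValidationRule`, `addUser` and the `/users/...` path layout are all assumptions made for illustration.

```javascript
// Constructed placeholder sets: NOT the real Carbon / G-Reg character lists.
const REGISTRY_INVALID = "~!@#;%^*()+={}|\\<>\"',";
const UM_EXTRA_INVALID = "/ "; // UM may forbid more than the registry does

// Back end: the single place where the rules are defined.
const RULES = {
  registryResource: { invalidChars: REGISTRY_INVALID },
  // Derived from the registry rule, so the UM set can never fall out of sync.
  userName: { invalidChars: REGISTRY_INVALID + UM_EXTRA_INVALID },
  roleName: { invalidChars: REGISTRY_INVALID + UM_EXTRA_INVALID },
};

// Back end: what a hypothetical "get validation rule" service call returns.
function getValidationRule(kind) {
  if (!Object.prototype.hasOwnProperty.call(RULES, kind)) {
    throw new Error("unknown rule: " + kind);
  }
  return JSON.stringify(RULES[kind]);
}

// Shared check: distinct offending characters, in order of first appearance.
function findInvalidChars(value, rule) {
  const bad = new Set(rule.invalidChars);
  return [...new Set([...String(value)].filter((ch) => bad.has(ch)))];
}

// Front end: validates with the rule it fetched from the back end.
function uiValidate(input, ruleJson) {
  const offending = findInvalidChars(input, JSON.parse(ruleJson));
  return { ok: input.length > 0 && offending.length === 0, offending };
}

// Back end: validates again, whatever the UI did or did not check.
function addUser(userName) {
  if (typeof userName !== "string" || userName.length === 0) {
    throw new Error("invalid user name: empty or not a string");
  }
  const offending = findInvalidChars(userName, RULES.userName);
  if (offending.length > 0) {
    throw new Error("invalid user name, rejected: " + offending.join(" "));
  }
  // Usable as a registry path segment because the UM set contains the registry set.
  return "/users/" + userName + "/profile"; // hypothetical path layout
}
```
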