Hi Senaka,

On Tue, Dec 20, 2011 at 10:22 AM, Senaka Fernando <sen...@wso2.com> wrote:

> Hi Hasini,
>
> That's defined in a constant in the registry kernel, IIRC. Unlike in UM,
> the characters restricted in G-Reg are those that are not allowed by SQL,
> and the delimiters we have used in the code. So, the list is constant,
> instead of something that a user can define as in UM.
>

Can you please point to those constants defined in the code? I hope it is in one place, so that we can decide whether we can include them in the default regular expression that we specify in configuration, in order to sync the invalid characters used in UM and Registry.

Thanks,
Hasini.

> Thanks,
> Senaka.
>
> On Tue, Dec 20, 2011 at 10:18 AM, Hasini Gunasinghe <has...@wso2.com> wrote:
>
>> On Mon, Dec 19, 2011 at 11:58 PM, Thilina Buddhika <thili...@wso2.com> wrote:
>>
>>> On Mon, Dec 19, 2011 at 11:54 PM, Senaka Fernando <sen...@wso2.com> wrote:
>>>
>>>> Hi all,
>>>>
>>>> +1. I thought we had it in some form, and it seems that I was wrong.
>>>> All invalid characters of G-Reg should be invalid for UM, and UM can have
>>>> additional invalid characters if needed. Both the registry BE and FE have
>>>> validations, and maybe we can reuse some logic in UM.
>>>>
>>>
>>> UM also has both FE and BE validations. The only problem is the invalid
>>> character set is not synced up with that of the registry.
>>>
>>
>> UM does FE and BE validation according to the following parameters
>> defined in user-mgt.xml and hence they are configurable.
>> Where are those of the registry specified?
>> If they are also read from configuration, we can make default
>> configurations the same.
>>
>> - UsernameJavaRegEx
>> - UsernameJavaScriptRegEx
>> - RolenameJavaRegEx
>> - RolenameJavaScriptRegEx
>>
>> Thanks,
>> Hasini.
>>
>>> Thanks,
>>> Thilina
>>>
>>>> Thanks,
>>>> Senaka.
>>>>
>>>> On Mon, Dec 19, 2011 at 10:06 PM, Prabath Siriwardena <prab...@wso2.com> wrote:
>>>>
>>>>> On Mon, Dec 19, 2011 at 9:31 PM, Supun Malinga <sup...@wso2.com> wrote:
>>>>>
>>>>>> On Mon, Dec 19, 2011 at 9:12 PM, Thilina Buddhika <thili...@wso2.com> wrote:
>>>>>>
>>>>>>> Hi Folks,
>>>>>>>
>>>>>>> At the moment, the two invalid character sets used in UM (for
>>>>>>> usernames and rolenames) and Registry (for Registry resources) are not
>>>>>>> synced. But in some of the components, username is used as part of the
>>>>>>> registry resources. Due to this, there are so many Carbon Jiras created
>>>>>>> for broken functionality when there are characters in the
>>>>>>> usernames/rolenames which are considered invalid for registry resource
>>>>>>> names. When I reviewed Jiras created for Identity and Security components,
>>>>>>> I found nearly 10-15 Jiras created for similar cases. I think it is the
>>>>>>> case for other components as well.
>>>>>>>
>>>>>>> So I suggest we should consider the same set of characters as
>>>>>>> invalid for both UM and Registry.
>>>>>>>
>>>>>>
>>>>>> +1
>>>>>> How about introducing a JS function into the core UI bundle that can
>>>>>> filter and identify the invalid characters? I also faced this kind of issue
>>>>>> where SQL injection was possible when I hadn't controlled the role-names
>>>>>> allowed into the server-roles component. So I ended up adding my own JS
>>>>>> function to filter these. If it is available from core UI utils itself it
>>>>>> would be much easier to define a common rule-set for allowing characters
>>>>>> for property names from the UI, etc.
>>>>>>
>>>>>
>>>>> This also needs to be checked both at the UI level as well as at the
>>>>> service level - and UI should ideally ask the validation rule from the BE
>>>>> and then validate.. and BE should also validate independently...
>>>>>
>>>>> Thanks & regards,
>>>>> -Prabath
>>>>>
>>>>>> thanks,
>>>>>>
>>>>>>> Thanks,
>>>>>>> Thilina
>>>>>>>
>>>>>>> --
>>>>>>> Thilina Buddhika
>>>>>>> Associate Technical Lead
>>>>>>> WSO2 Inc. ; http://wso2.com
>>>>>>> lean . enterprise . middleware
>>>>>>>
>>>>>>> phone : +94 77 44 88 727
>>>>>>> blog : http://blog.thilinamb.com
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Carbon-dev mailing list
>>>>>>> Carbon-dev@wso2.org
>>>>>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> Supun Malinga,
>>>>>>
>>>>>> Software Engineer,
>>>>>> WSO2 Inc.
>>>>>> http://wso2.com
>>>>>> http://wso2.org
>>>>>> email - sup...@wso2.com
>>>>>> mobile - 071 56 91 321
>>>>>>
>>>>>
>>>>> --
>>>>> Thanks & Regards,
>>>>> Prabath
>>>>>
>>>>> http://blog.facilelogin.com
>>>>> http://RampartFAQ.com
>>>>>
>>>>
>>>> --
>>>> Senaka Fernando
>>>> Product Manager - WSO2 Governance Registry;
>>>> Associate Technical Lead; WSO2 Inc.; http://wso2.com
>>>> Member; Apache Software Foundation; http://apache.org
>>>>
>>>> E-mail: senaka AT wso2.com
>>>> P: +1 408 754 7388; ext: 51736; M: +94 77 322 1818
>>>> Linked-In: http://linkedin.com/in/senakafernando
>>>>
>>>> Lean . Enterprise . Middleware
>>>>
_______________________________________________
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
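
Added example, not part of the original thread and not WSO2 code: one way to check the condition the thread asks for, that every character the registry rejects is also rejected by the UM name regex, and to validate a name against both rules on the back end. The registry character list and both regex values are assumptions (the thread does not give them), and the function names are hypothetical.

```javascript
// Assumptions: the thread lists neither the registry's illegal characters
// nor the configured regex values, so all three constants are constructed.
const REGISTRY_ILLEGAL_CHARS = "~!@#;%^*()+={}|\\<>\"',"; // placeholder set
const LAX_USERNAME_REGEX = "^[\\S]{3,30}$";               // sample UsernameJavaScriptRegEx
const STRICT_USERNAME_REGEX = "^[A-Za-z0-9._-]{3,30}$";   // sample tightened value

// Characters the UM regex accepts although the registry would reject them.
// Each character is probed inside an otherwise harmless name; the probe
// assumes the regex accepts a plain five-letter name.
function charsetGap(nameRegexSource, registryIllegal) {
  const re = new RegExp(nameRegexSource);
  if (!re.test("abXcd")) throw new Error("baseline probe rejected; adjust the probe");
  return [...registryIllegal].filter((ch) => re.test("ab" + ch + "cd"));
}

// Back-end style check: a name passes only if it satisfies the UM rule AND
// contains nothing the registry forbids, whatever the UI already checked.
function validateName(name, nameRegexSource, registryIllegal) {
  if (typeof name !== "string" || !new RegExp(nameRegexSource).test(name)) {
    return { ok: false, reason: "um-regex", chars: [] };
  }
  const bad = [...new Set([...name].filter((c) => registryIllegal.includes(c)))];
  return bad.length
    ? { ok: false, reason: "registry-char", chars: bad }
    : { ok: true, reason: null, chars: [] };
}

// Rule object a UI could fetch from the back end instead of keeping its own copy.
function validationRule(nameRegexSource, registryIllegal) {
  return {
    regex: nameRegexSource,
    illegalChars: registryIllegal,
    inSync: charsetGap(nameRegexSource, registryIllegal).length === 0,
  };
}

console.log(charsetGap(LAX_USERNAME_REGEX, REGISTRY_ILLEGAL_CHARS).join(" "));
console.log(validateName("o'brien", LAX_USERNAME_REGEX, REGISTRY_ILLEGAL_CHARS));
console.log(validationRule(STRICT_USERNAME_REGEX, REGISTRY_ILLEGAL_CHARS).inSync);
```

Character filtering of this kind keeps names usable as registry resource names; it does not replace parameterised queries wherever those names reach SQL.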