[jira] Commented: (TAP5-53) Mechanism to send pointers to serialized data to the client, not the data itself

Fri, 17 Oct 2008 02:43:17 -0700 

    [ 
https://issues.apache.org/jira/browse/TAP5-53?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12640479#action_12640479
 ] 

Massimo Lusetti commented on TAP5-53:
-------------------------------------

How does this relate to the concern of having non-human HTTP clients which act 
as clients to service exposed by a T5 application as a sort of REST url?

I mean http://service.mycompany.com/ordering/acquire/items.process which is a 
form form processing special order by vairous point of sales machines widely 
dislocated.

Now i've solved this issue in the client application hard coding (a sort of 
hard coding) the t:formdata form parameter. I know this way i'm tightly coupled 
with that particular version of T5 since if i upgrade the T5 libraries on the 
server i've to upgrade every single remote client.
How to better deal with that case?

I dream T5 would be able to not use t:formdata at all of have a better support 
for this particula case.

> Mechanism to send pointers to serialized data to the client, not the data 
> itself
> --------------------------------------------------------------------------------
>
>                 Key: TAP5-53
>                 URL: https://issues.apache.org/jira/browse/TAP5-53
>             Project: Tapestry 5
>          Issue Type: New Feature
>    Affects Versions: 5.0.15
>            Reporter: Howard M. Lewis Ship
>
> Tapestry has the capability to store much data on the client, whether it is 
> persisted page fields, or Form component action data.  This presents a couple 
> of problems; first, it inflates the size of the rendered HTML stream.  
> Second, it is a potential security issue, since a hyper-intelligent black hat 
> might find a way to change such data before returning it.
> What if Tapestry stored the associated bytestreams on the server, and 
> provided, in the HTML, just a relatively short pointer (a string id that 
> points to the correct bytestream) to the stream?
> A small amount of additional data on the server side could be used to 
> authenticate the pointer, using the user's session id (if a session exists) 
> and host ip.
> Unreferenced data would be periodically purged.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to