This (the original idea) is also a security hole: you are letting code which
was submitted by the browser run on your server. Who says the handle you got
was the handle you gave?

Using the session is much better, I agree.

- Avi
--
s/\be(\w+)/e-\1/g;

> -----Original Message-----
> From: Thomas Preston [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, June 29, 2000 14:43
> To: [EMAIL PROTECTED]
> Subject: Re: Robustness of EJBHandle
>
>
> If you do that, you will have to pass the handle around. It is easier to
> just stuff the handle into the servlet session and retrieve it from the
> servlet session I think.
>
>
> >From: James Webster <[EMAIL PROTECTED]>
> >Reply-To: A mailing list for Enterprise JavaBeans development
> ><[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: Robustness of EJBHandle
> >Date: Thu, 29 Jun 2000 09:45:16 +1000
> >
> >Hello folks,
> >
> >Can I reasonably expect an EJB Handle to survive the following
> >serialisation?
> >
> >1. A servlet, which has a remote reference to a bean, gets the handle of
> >the bean and writes it to the ServletOutputStream as part of HTML (say the
> >value of a hidden form field <INPUT type="hidden" name="someField"
> >value="<handle here>">)
> >2. The browser posts a form to another servlet.
> >3. The servlet takes the value of the 'someField' form field, deserialises
> >it to an EJBHandle, and reinstates the remote reference?
> >
> >Can I expect this to work on ALL application servers?
> >
> >How big would a serialised handle be?
> >
> >Regards,
> >James W.

===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST".  For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
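
Added example, not part of the original thread or any poster's code: the thread's answer is to keep the handle in the servlet session. Where a value does have to round-trip through a hidden field, one way to answer "who says the handle you got was the handle you gave?" is to authenticate the bytes with an HMAC before deserialising them. The class name, the per-process key and the String standing in for a javax.ejb.Handle are assumptions made for illustration.

```java
import java.io.*;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class SignedHandleField {  // hypothetical helper, JDK only
    // Server-side secret (assumption: one per process); never sent to the browser.
    private static final byte[] KEY = new byte[32];
    static { new SecureRandom().nextBytes(KEY); }

    private static byte[] tag(byte[] data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(data);
    }

    // Hidden-field value: base64(serialised handle) + "." + base64(HMAC over those bytes).
    static String encode(Serializable handle) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(handle); }
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        return b64.encodeToString(buf.toByteArray()) + "." + b64.encodeToString(tag(buf.toByteArray()));
    }

    // Checks the tag first; bytes that fail the check never reach ObjectInputStream.
    static Object decode(String field) throws Exception {
        String[] parts = field.split("\\.");
        if (parts.length != 2) throw new SecurityException("malformed field");
        byte[] data, sent;
        try {
            data = Base64.getUrlDecoder().decode(parts[0]);
            sent = Base64.getUrlDecoder().decode(parts[1]);
        } catch (IllegalArgumentException e) { throw new SecurityException("malformed field"); }
        if (!MessageDigest.isEqual(tag(data), sent))  // constant-time comparison
            throw new SecurityException("handle was not issued by this server");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        String field = encode("constructed-handle-42");  // constructed stand-in for a Handle
        System.out.println("round trip: " + decode(field));
        // A form post whose hidden field was edited in transit or by the client.
        String altered = (field.charAt(0) == 'A' ? "B" : "A") + field.substring(1);
        try { decode(altered); System.out.println("altered value accepted"); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Storing the handle in the session, as the thread suggests, removes the round trip altogether; the tag check only matters when the value has to leave the server.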