Re: Passing User information to an applet.

Fri, 03 Aug 2001 09:27:41 -0700 

Jim,
I have not used ECS.

As to the security issues, The HTML that is generated by a portlet is
define by the writer of that portlet, not the user.  If the portlet
passes parameter that can be set by the user, via the customizer, then
the portlet should verify the parameters.  

Regarding the applet, since the applet is called via html, yes the user
can copy the html code from the portlet to a temp_file, change the
parameters in the temp_file and run the applet via the temp_file.  The
portlet can encode the data for the applet making it harder for someone
to "mess with", or the applet communicate do it's own login, or a
combination of the previous, ....

Paul Spencer


Jim O'Connor wrote:
> 
> Paul,
>     I was thinking about doing that using ECS.  However, I am a bit
> concerned about security.  Do you see a security issue?  Seems to me that it
> would be fairly simple to become a user by constructing HTML by hand with
> the proper user parameter..  Is this not an issue?
> 
> ----- Original Message -----
> From: Paul Spencer <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, August 03, 2001 11:29 AM
> Subject: Re: Passing User information to an applet.
> 
> > Jim,
> > Instead of using an HTML portlet, use an other portlet type (I would
> > start with Velocity) and generate the HTML including the applet tag with
> > the parameter(s) containing the user information to pass to the applet.
> > The HTML portlet just uses the static file as the portlet.
> >
> > I assume your next question is "Examples?".  I do not have any.  Try
> > searching the mailing list.
> >
> > Paul Spencer
> >
> > Jim O'Connor wrote:
> > >
> > > Anyone have a suggestion on how to pass jetspeed/turbine user
> information to an applet running within a HTML portlet?
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to