Re: [appfuse-user] query about url encryption
There is no single answer to your question. Any configuration should be done in security.xml, but there will probably have to be additional classes created. My best suggestion would be to take a look at how AppFuse secures the UserManager with UserSecurityAdvice: http://fisheye4.cenqua.com/browse/appfuse/trunk/service/src/main/java/org/appfuse/service/UserSecurityAdvice.java That is one way to secure a manager. Another would be to take an approach like I did in AppFuse 1.x: http://raibledesigns.com/wiki/Wiki.jsp?page=AppFuseSecurityMethods2 I would also suggest taking a look at the Acegi documentation. There is a lot of good information about how to apply security. Nathan - Original Message - From: "ajay pokale" <[EMAIL PROTECTED]> To: users@appfuse.dev.java.net Sent: Sunday, April 29, 2007 10:55:25 PM (GMT-0800) America/Los_Angeles Subject: Re: [appfuse-user] query about url encryption Thanks,At last some one understood my proble.But in which files i have to make changes to implement Acegi security. regards, ajay Nathan Anderson < [EMAIL PROTECTED] > wrote: I agree, encryption does not really solve the problem if the users are determined to get to the data. The better way to fix this is to implement more Acegi features [e.g. method invocation interceptors] so users can only access the methods and objects they should be able to get to. Nathan - Original Message - From: "Jason Brice" To: users@appfuse.dev.java.net Sent: Friday, April 27, 2007 7:57:44 AM (GMT-0800) America/Los_Angeles Subject: Re: [appfuse-user] query about url encryption I think a much better way to do this would be to control what users have access to what data through the service layer your application than try and fool them with encrypted parameters. If you must, you could always base64 encode/decode the parameters. That would turn the string "How now brown cow" into "SG93IG5vdyBicm93biBjb3c=". Bullet proof against kids in tree-houses, but not acceptable encryption by any real world means. Jason On 4/27/07 , ajay pokale wrote: > > I want to do this,because when we are passing some parameter id or > methods names some through url ,some users are modifying the urls and > getting data which they are not supposed to acess. > > > > > *Nathan Anderson * wrote: > > I've never done this, so I wouldn't even know where to start. But I'm > wondering what the purpose of this is? Is the idea to make it harder for > users to guess a URL they might want to get to but should not have access > to? Or perhaps it is a helpful in making the app more Search Engine > friendly? > > Just curious... > > Nathan > > > - Original Message - > From: "ajay pokale" > To: users@appfuse.dev.java.net > Sent: Friday, April 27, 2007 12:01:17 AM (GMT-0800) America/Los_Angeles > Subject: Re: [appfuse-user] query about url encryption > > If we go on suppose yahoomail.com and do login, then we get a encrypted > url in our browser . > Like that If i click on url suppose > http://appfuse.org/display/APF/Web+Filters > Then it should look like in browser for example > http://appfuse.org/display/APF/Xfc+GjMufst > Should encrypt the letters in url while showing in browser. > > I have to do same in my appfuse project ,then in which files i have to do > changes. > > > > Thanks , > Ajay > > > Matt Raible wrote: > What do you mean by URL encryption - SSL? > > Matt > > On 4/26/07 , ajay pokale wrote: > > Hi, > > I want to know about how to do url encryption in Appfuse. > > > > Waitng for possitive reply. > > > > Thanks, > > Ajay. > > > > > > Ahhh...imagining that irresistible "new car" smell? > > Check out new cars at Yahoo! Autos. > > > > > > > -- > http://raibledesigns.com > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > - > Ahhh...imagining that irresistible "new car" smell? > Check outnew cars at Yahoo! Autos. > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- > Ahhh...imagining that irresistible "new car" smell? > Check out new cars at Yahoo! Autos. > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Ahhh...imagining that irresistible "new car" smell? Check out new cars at Yahoo! Autos. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [appfuse-user] query about url encryption
Thanks,At last some one understood my proble.But in which files i have to make changes to implement Acegi security. regards, ajay Nathan Anderson <[EMAIL PROTECTED]> wrote: I agree, encryption does not really solve the problem if the users are determined to get to the data. The better way to fix this is to implement more Acegi features [e.g. method invocation interceptors] so users can only access the methods and objects they should be able to get to. Nathan - Original Message - From: "Jason Brice" To: users@appfuse.dev.java.net Sent: Friday, April 27, 2007 7:57:44 AM (GMT-0800) America/Los_Angeles Subject: Re: [appfuse-user] query about url encryption I think a much better way to do this would be to control what users have access to what data through the service layer your application than try and fool them with encrypted parameters. If you must, you could always base64 encode/decode the parameters. That would turn the string "How now brown cow" into "SG93IG5vdyBicm93biBjb3c=". Bullet proof against kids in tree-houses, but not acceptable encryption by any real world means. Jason On 4/27/07, ajay pokale wrote: > > I want to do this,because when we are passing some parameter id or > methods names some through url ,some users are modifying the urls and > getting data which they are not supposed to acess. > > > > > *Nathan Anderson * wrote: > > I've never done this, so I wouldn't even know where to start. But I'm > wondering what the purpose of this is? Is the idea to make it harder for > users to guess a URL they might want to get to but should not have access > to? Or perhaps it is a helpful in making the app more Search Engine > friendly? > > Just curious... > > Nathan > > > - Original Message - > From: "ajay pokale" > To: users@appfuse.dev.java.net > Sent: Friday, April 27, 2007 12:01:17 AM (GMT-0800) America/Los_Angeles > Subject: Re: [appfuse-user] query about url encryption > > If we go on suppose yahoomail.com and do login, then we get a encrypted > url in our browser . > Like that If i click on url suppose > http://appfuse.org/display/APF/Web+Filters > Then it should look like in browser for example > http://appfuse.org/display/APF/Xfc+GjMufst > Should encrypt the letters in url while showing in browser. > > I have to do same in my appfuse project ,then in which files i have to do > changes. > > > > Thanks , > Ajay > > > Matt Raible wrote: > What do you mean by URL encryption - SSL? > > Matt > > On 4/26/07, ajay pokale wrote: > > Hi, > > I want to know about how to do url encryption in Appfuse. > > > > Waitng for possitive reply. > > > > Thanks, > > Ajay. > > > > > > Ahhh...imagining that irresistible "new car" smell? > > Check out new cars at Yahoo! Autos. > > > > > > > -- > http://raibledesigns.com > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > - > Ahhh...imagining that irresistible "new car" smell? > Check outnew cars at Yahoo! Autos. > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- > Ahhh...imagining that irresistible "new car" smell? > Check out new cars at Yahoo! Autos. > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Ahhh...imagining that irresistible "new car" smell? Check outnew cars at Yahoo! Autos.
Re: [appfuse-user] query about url encryption
I agree, encryption does not really solve the problem if the users are determined to get to the data. The better way to fix this is to implement more Acegi features [e.g. method invocation interceptors] so users can only access the methods and objects they should be able to get to. Nathan - Original Message - From: "Jason Brice" <[EMAIL PROTECTED]> To: users@appfuse.dev.java.net Sent: Friday, April 27, 2007 7:57:44 AM (GMT-0800) America/Los_Angeles Subject: Re: [appfuse-user] query about url encryption I think a much better way to do this would be to control what users have access to what data through the service layer your application than try and fool them with encrypted parameters. If you must, you could always base64 encode/decode the parameters. That would turn the string "How now brown cow" into "SG93IG5vdyBicm93biBjb3c=". Bullet proof against kids in tree-houses, but not acceptable encryption by any real world means. Jason On 4/27/07, ajay pokale <[EMAIL PROTECTED]> wrote: > > I want to do this,because when we are passing some parameter id or > methods names some through url ,some users are modifying the urls and > getting data which they are not supposed to acess. > > > > > *Nathan Anderson <[EMAIL PROTECTED]>* wrote: > > I've never done this, so I wouldn't even know where to start. But I'm > wondering what the purpose of this is? Is the idea to make it harder for > users to guess a URL they might want to get to but should not have access > to? Or perhaps it is a helpful in making the app more Search Engine > friendly? > > Just curious... > > Nathan > > > - Original Message - > From: "ajay pokale" > To: users@appfuse.dev.java.net > Sent: Friday, April 27, 2007 12:01:17 AM (GMT-0800) America/Los_Angeles > Subject: Re: [appfuse-user] query about url encryption > > If we go on suppose yahoomail.com and do login, then we get a encrypted > url in our browser . > Like that If i click on url suppose > http://appfuse.org/display/APF/Web+Filters > Then it should look like in browser for example > http://appfuse.org/display/APF/Xfc+GjMufst > Should encrypt the letters in url while showing in browser. > > I have to do same in my appfuse project ,then in which files i have to do > changes. > > > > Thanks , > Ajay > > > Matt Raible wrote: > What do you mean by URL encryption - SSL? > > Matt > > On 4/26/07, ajay pokale wrote: > > Hi, > > I want to know about how to do url encryption in Appfuse. > > > > Waitng for possitive reply. > > > > Thanks, > > Ajay. > > > > > > Ahhh...imagining that irresistible "new car" smell? > > Check out new cars at Yahoo! Autos. > > > > > > > -- > http://raibledesigns.com > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > - > Ahhh...imagining that irresistible "new car" smell? > Check outnew cars at Yahoo! Autos. > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- > Ahhh...imagining that irresistible "new car" smell? > Check out new cars at Yahoo! > Autos.<http://us.rd.yahoo.com/evt=48245/*http://autos.yahoo.com/new_cars.html;_ylc=X3oDMTE1YW1jcXJ2BF9TAzk3MTA3MDc2BHNlYwNtYWlsdGFncwRzbGsDbmV3LWNhcnM-> > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [appfuse-user] query about url encryption
I think a much better way to do this would be to control what users have access to what data through the service layer your application than try and fool them with encrypted parameters. If you must, you could always base64 encode/decode the parameters. That would turn the string "How now brown cow" into "SG93IG5vdyBicm93biBjb3c=". Bullet proof against kids in tree-houses, but not acceptable encryption by any real world means. Jason On 4/27/07, ajay pokale <[EMAIL PROTECTED]> wrote: I want to do this,because when we are passing some parameter id or methods names some through url ,some users are modifying the urls and getting data which they are not supposed to acess. *Nathan Anderson <[EMAIL PROTECTED]>* wrote: I've never done this, so I wouldn't even know where to start. But I'm wondering what the purpose of this is? Is the idea to make it harder for users to guess a URL they might want to get to but should not have access to? Or perhaps it is a helpful in making the app more Search Engine friendly? Just curious... Nathan - Original Message - From: "ajay pokale" To: users@appfuse.dev.java.net Sent: Friday, April 27, 2007 12:01:17 AM (GMT-0800) America/Los_Angeles Subject: Re: [appfuse-user] query about url encryption If we go on suppose yahoomail.com and do login, then we get a encrypted url in our browser . Like that If i click on url suppose http://appfuse.org/display/APF/Web+Filters Then it should look like in browser for example http://appfuse.org/display/APF/Xfc+GjMufst Should encrypt the letters in url while showing in browser. I have to do same in my appfuse project ,then in which files i have to do changes. Thanks , Ajay Matt Raible wrote: What do you mean by URL encryption - SSL? Matt On 4/26/07, ajay pokale wrote: > Hi, > I want to know about how to do url encryption in Appfuse. > > Waitng for possitive reply. > > Thanks, > Ajay. > > > Ahhh...imagining that irresistible "new car" smell? > Check out new cars at Yahoo! Autos. > > -- http://raibledesigns.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Ahhh...imagining that irresistible "new car" smell? Check outnew cars at Yahoo! Autos. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Ahhh...imagining that irresistible "new car" smell? Check out new cars at Yahoo! Autos.<http://us.rd.yahoo.com/evt=48245/*http://autos.yahoo.com/new_cars.html;_ylc=X3oDMTE1YW1jcXJ2BF9TAzk3MTA3MDc2BHNlYwNtYWlsdGFncwRzbGsDbmV3LWNhcnM->
Re: [appfuse-user] query about url encryption
I want to do this,because when we are passing some parameter id or methods names some through url ,some users are modifying the urls and getting data which they are not supposed to acess. Nathan Anderson <[EMAIL PROTECTED]> wrote: I've never done this, so I wouldn't even know where to start. But I'm wondering what the purpose of this is? Is the idea to make it harder for users to guess a URL they might want to get to but should not have access to? Or perhaps it is a helpful in making the app more Search Engine friendly? Just curious... Nathan - Original Message - From: "ajay pokale" To: users@appfuse.dev.java.net Sent: Friday, April 27, 2007 12:01:17 AM (GMT-0800) America/Los_Angeles Subject: Re: [appfuse-user] query about url encryption If we go on suppose yahoomail.com and do login, then we get a encrypted url in our browser . Like that If i click on url suppose http://appfuse.org/display/APF/Web+Filters Then it should look like in browser for example http://appfuse.org/display/APF/Xfc+GjMufst Should encrypt the letters in url while showing in browser. I have to do same in my appfuse project ,then in which files i have to do changes. Thanks , Ajay Matt Raible wrote: What do you mean by URL encryption - SSL? Matt On 4/26/07, ajay pokale wrote: > Hi, > I want to know about how to do url encryption in Appfuse. > > Waitng for possitive reply. > > Thanks, > Ajay. > > > Ahhh...imagining that irresistible "new car" smell? > Check out new cars at Yahoo! Autos. > > -- http://raibledesigns.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Ahhh...imagining that irresistible "new car" smell? Check outnew cars at Yahoo! Autos. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Ahhh...imagining that irresistible "new car" smell? Check outnew cars at Yahoo! Autos.
Re: [appfuse-user] query about url encryption
I've never done this, so I wouldn't even know where to start. But I'm wondering what the purpose of this is? Is the idea to make it harder for users to guess a URL they might want to get to but should not have access to? Or perhaps it is a helpful in making the app more Search Engine friendly? Just curious... Nathan - Original Message - From: "ajay pokale" <[EMAIL PROTECTED]> To: users@appfuse.dev.java.net Sent: Friday, April 27, 2007 12:01:17 AM (GMT-0800) America/Los_Angeles Subject: Re: [appfuse-user] query about url encryption If we go on suppose yahoomail.com and do login, then we get a encrypted url in our browser . Like that If i click on url suppose http://appfuse.org/display/APF/Web+Filters Then it should look like in browser for example http://appfuse.org/display/APF/Xfc+GjMufst Should encrypt the letters in url while showing in browser. I have to do same in my appfuse project ,then in which files i have to do changes. Thanks , Ajay Matt Raible <[EMAIL PROTECTED]> wrote: What do you mean by URL encryption - SSL? Matt On 4/26/07, ajay pokale wrote: > Hi, > I want to know about how to do url encryption in Appfuse. > > Waitng for possitive reply. > > Thanks, > Ajay. > > > Ahhh...imagining that irresistible "new car" smell? > Check out new cars at Yahoo! Autos. > > -- http://raibledesigns.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Ahhh...imagining that irresistible "new car" smell? Check outnew cars at Yahoo! Autos. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [appfuse-user] query about url encryption
If we go on suppose yahoomail.com and do login, then we get a encrypted url in our browser . Like that If i click on url suppose http://appfuse.org/display/APF/Web+Filters Then it should look like in browser for example http://appfuse.org/display/APF/Xfc+GjMufst Should encrypt the letters in url while showing in browser. I have to do same in my appfuse project ,then in which files i have to do changes. Thanks , Ajay Matt Raible <[EMAIL PROTECTED]> wrote: What do you mean by URL encryption - SSL? Matt On 4/26/07, ajay pokale wrote: > Hi, > I want to know about how to do url encryption in Appfuse. > > Waitng for possitive reply. > > Thanks, > Ajay. > > > Ahhh...imagining that irresistible "new car" smell? > Check out new cars at Yahoo! Autos. > > -- http://raibledesigns.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Ahhh...imagining that irresistible "new car" smell? Check outnew cars at Yahoo! Autos.
Re: [appfuse-user] query about url encryption
What do you mean by URL encryption - SSL? Matt On 4/26/07, ajay pokale <[EMAIL PROTECTED]> wrote: Hi, I want to know about how to do url encryption in Appfuse. Waitng for possitive reply. Thanks, Ajay. Ahhh...imagining that irresistible "new car" smell? Check out new cars at Yahoo! Autos. -- http://raibledesigns.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[appfuse-user] query about url encryption
Hi, I want to know about how to do url encryption in Appfuse. Waitng for possitive reply. Thanks, Ajay. - Ahhh...imagining that irresistible "new car" smell? Check outnew cars at Yahoo! Autos.