Re: [Lift] Re: Support for page and snippet level localization

2010-02-09 Thread James Matlik
I would also be very interested in more detail on this topic. I've been
toying with designs with a variety of technologies (a self-driven academic
activity thus far) to formulate how a massively multilingual site (upwards
of 12 languages) could be implemented. I've not had much luck understanding
the capabilities and limitations (perhaps a better word is boundaries) of
lift's templating system for both language support and performance/resource
usage for huge quantities of content.

A bit off topic but related... There has been talk before on the mailing
list about creating a CMS.  Has anything come of that?

Regards,
James

On Feb 9, 2010 9:47 AM, Hugo Palma hugo.m.pa...@gmail.com wrote:

Sorry Tim but I don't quite understand what you mean by page is
scoped to a single snippet and that invalidates that you have a
resource bundle per page. Sorry if this is clear to everyone else but
I'm new with Lift so I'm still grasping basic concepts.


On Feb 8, 10:49 pm, Timothy Perrett timo...@getintheloop.eu wrote:
 That wouldn't work for Lift ...

-- 
You received this message because you are subscribed to the Google Groups 
Lift group.
To post to this group, send email to lift...@googlegroups.com.
To unsubscribe from this group, send email to 
liftweb+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/liftweb?hl=en.



[Lift] Version of maven for lift

2010-01-21 Thread James Matlik
What is Lift's recommended version of Maven?  I am looking to create an sbaz
package for easy download and install for maven for newcomers (myself
included), and figure that having one that is compatible with lift would be
of prime interest.  Is the latest and greatest version compatible with 2.0?

Regards,
James



Re: [Lift] Re: [lift] Version of maven for lift

2010-01-21 Thread James Matlik
Sbt is on the plan too, as well as svnkit which is a command line svn client
in Java.

On Jan 21, 2010 4:30 PM, Channing Walton channingwal...@mac.com wrote:


I use maven 2.2.1 without any problem. I prefer to use sbt these days which
still makes use of mvn repositories.

James Matlik wrote:   What is Lift's recommended version of Maven? I am
looking to create an ...



Re: [Lift] Version of maven for lift

2010-01-21 Thread James Matlik
I will be creating an sbaz package containing a maven release. I realize that
lift generally doesn't use the scala distribution (which comes with sbaz),
but it does seem a logical stepping stone for beginners and tinkerers. I
just want to make things readily accessible. Since 2.2.1 works, I'll run
with that.

On Jan 21, 2010 6:03 PM, Naftoli Gugenheim naftoli...@gmail.com wrote:

You want an sbaz package that will contain what exactly?

-

James Matlik james.mat...@gmail.com wrote: What is Lift's recommended
version of Maven? I am look...




[Lift] Re: security

2009-06-16 Thread James Matlik
This looks to be a very significant selling point for Lift.  I realize there
are some high level comments about Lift being designed for security, but I
haven't seen any details explaining what measures have been put in place to
qualify those statements.  This is a prime example of what should be put
into some marketing detail pages on the wiki.  I would love to see a
writeup covering these security measures exhaustively.

On Sat, Jun 13, 2009 at 4:47 PM, David Pollak feeder.of.the.be...@gmail.com
 wrote:



 On Wed, Jun 10, 2009 at 4:45 PM, Oliver Lambert olambo...@gmail.com wrote:



 On Wed, Jun 10, 2009 at 11:58 PM, David Pollak 
 feeder.of.the.be...@gmail.com wrote:



 On Tue, Jun 9, 2009 at 11:39 PM, marius d. marius.dan...@gmail.com wrote:


 Hi,

 For most apps canonicalization is not really necessary as the
 character stream for form-url-encoded is UTF-8 by default as Lift uses
 UTF-8 by default. Oh and the conversion from URL encoding to plain
 UTF-8 content is really done by container and when we get the params
 from the request object they are already well formed. Now if we're
 talking about a higher level of validation that's a different story
 and IMO this is an application aspect and not much a framework one.


 And Lift does URL Decoding of the paths before presenting them as the
 Req() object.

 More broadly, Lift should provide all the features of ESAPI out of the
 box.  If there are particular things that ESAPI offers that Lift doesn't,
 please flag them and we'll add them.

 I did a bunch of years as VPE and CTO at a web app security company.  In
 general, I've worked to make sure that Lift has security baked in and that
 the developer has to work to make the app insecure, rather than vice versa.
  If I missed a spot, Lift will be enhanced to make sure it does have
 security baked in.


 From my perspective Lift is secure, much more so than other frameworks
 I've used. The current set of Lift apps, that I've helped develop, have
 survived outsourced penetration testing without requiring any modifications
 at all.  Great!

 I'm not a security expert, but I am being asked to consider ESAPI
 features. From my limited understanding, the UTF-8 encoding is fine and Lift
 protects the response from displaying any scripts or html that might have
 inadvertently been added to the database.  The problem is more what is being
 validated and how it's being validated. I don't buy Marius's claim that this
 is somehow a higher order validation that is an application concern rather
 than a framework one. The internet has all the insecurities it has, because
 security has been left to the application developer.

 As far as I can see, one problem lies when a string is obtained from the
 web page and instantiated into a String object.  For instance, if it comes
 in as
 <script>alert('XSS')</script>, then it's probably not what you want.


 I see no reason that you don't want this.  As long as it's a String, it
 will be XML escaped when it's presented to the user.  Unless this String
 were put into an Unparsed block (some affirmative action by the developer),
 it would always appear to the user the way the user typed it.  This is the
 advantage of keeping everything as XML until just before the page is
 delivered to the user.


 Why does it matter if something like this gets stored in your database -
 perhaps because it's one part of your security.  In addition if it comes in
 doubly encoded as

 %253Cscript%253Ealert('XSS')%253C%252Fscript%253E

 then it's probably also not what you want.

 1) To stop double encoding, ESAPI suggests that you use canonicalization
 to convert the strings to a similar format before validation.


 Lift in fact does this.  Lift and/or the app server converts the bytes to
 Strings using UTF-8 encoding and then splits and URL-decodes the Strings
 before delivering them to the application.  The application always sees the
 String as the user typed the String.  All validation is done against Strings
 that have been decoded the same way.



 2) After, the input has been canonicalized, ESAPI suggests that the input
 should be validated against a whitelist of allowed characters.


 I disagree with this recommendation within the bounds of a Lift app.
 Strings in Java survive having \00 characters.  They are impervious to
 buffer overflow attacks.  Strings are escaped before being used as part of
 queries by the JDBC and/or JPA systems (unless the developer explicitly
 builds their own query string, which requires that the developer sign and
 date the code and is a place where one can grep for the construct during a
 code review.)  Strings back out to XML or XHTML will be escaped properly,
 unless the developer uses Unparsed() in rendering... once again, something
 that can be easily checked for in a code review.

 The above rules don't apply to PHP or other code that builds queries from
 raw Strings.  The above rules don't apply to any templating system (all that
 I know of except perhaps 
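
The decode-once and escape-at-output behaviour debated in this thread, modelled as an added example; it is not part of the original messages and is not Lift or ESAPI code. The function names and the `MAX_PASSES` bound are assumptions made for illustration, and the sample inputs are the strings quoted in the thread.

```python
import html
from urllib.parse import unquote

MAX_PASSES = 5  # assumption: bound on decode passes, not a Lift or ESAPI setting


def container_decode(raw: str) -> str:
    """One percent-decoding pass as UTF-8: the value the application receives."""
    return unquote(raw, encoding="utf-8")


def encoding_depth(raw: str) -> int:
    """Count decode passes until the value stops changing (capped)."""
    depth, current = 0, raw
    while depth < MAX_PASSES:
        decoded = unquote(current, encoding="utf-8")
        if decoded == current:
            break
        current, depth = decoded, depth + 1
    return depth


def render_text(value: str) -> str:
    """Escape at output time, so the value is displayed exactly as received."""
    return html.escape(value, quote=True)


def examine(raw: str) -> dict:
    """Summarise what the application sees, stores and renders for one parameter."""
    app_value = container_decode(raw)
    return {
        "app_value": app_value,                      # what validation runs against
        "multiply_encoded": encoding_depth(raw) > 1,  # survived the single decode
        "rendered": render_text(app_value),           # what reaches the browser
    }


# Sample inputs: the single-encoded form and the double-encoded string from the thread.
SINGLE = "%3Cscript%3Ealert('XSS')%3C%2Fscript%3E"
DOUBLE = "%253Cscript%253Ealert('XSS')%253C%252Fscript%253E"

if __name__ == "__main__":
    for sample in (SINGLE, DOUBLE):
        print(examine(sample))
```

After one decode the double-encoded value is still percent-encoded text, so it renders inertly; the `multiply_encoded` flag marks it for review because any later component that decodes it again and emits it unescaped would produce markup.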

[Lift] Re: Menu widget

2009-03-21 Thread James Matlik
Is there a running version of the widgets site online, or is this only
available in source format?  It would be nice to have something like this
linked to the liftweb home page or wiki for people to test drive these
features at zero cost.  I did a quick look there and didn't find anything of
the kind.

On Sat, Mar 21, 2009 at 5:44 AM, Marius marius.dan...@gmail.com wrote:


 Folks,

 I just committed the menu widget. Now the Widgets test site uses this
 widget instead of the traditional builtin menu. You can also specify
 the style of the menu using MenuStyle.HORIZONTAL,  MenuStyle.VERTICAL
 and  MenuStyle.NAVBAR.

 All these thanks to superfish jquery plugin
 http://users.tpg.com.au/j_birch/plugins/superfish/

 Oh you can also customize the superfish plugin by specifying the JsObj
 to set the properties.

 Thoughts/suggestions ?

 Br's,
 Marius
 





[Lift] Re: Google search results

2009-03-12 Thread James Matlik
Why not have those links generate 301 redirects to the new site locations?
It won't do much for people's existing bookmarks, but should allow search
engines to update without the dead links.

On Wed, Mar 11, 2009 at 6:50 PM, Timothy Perrett timo...@getintheloop.eu wrote:


 In short, no. We can't fix those results as they are generated by
 google not by our good selves.

 I believe this is because the wiki used to be on the lift TLD. Over
 time this will work itself out - apologies for any confusion this
 had caused.

 Cheers, Tim

 Sent from my iPhone

 On 11 Mar 2009, at 18:20, lmorroni la...@morroni.com wrote:

 
  Hello,
  I could not help but notice that the mini site map that gets returned
  on google when searching for lift framework has dead links. Can
  someone fix that?
  Larry
 
  
 

 





[Lift] Re: Lift's documentation

2009-03-09 Thread James Matlik
Hello Derek,

I fully understand having a day job and prioritizing side projects
accordingly.  I also appreciate the work you, Marius and Tyler have done
with the book.  I have found it very helpful in my playing over the weekend.

It looks like there are two versions of the getting started doc available.
The version on the liftweb.net home page is the newer, updated version while
an older version is available on the wiki main page.

Also, I've found a few typos (I think) in the Exploring Lift book.  I am not
overly familiar with git, so it is very possible I've pulled an older
version of that as well.  I got there, again, via the link on the wiki main
page.  Using git-show, it looks like the last commit was:

Author: Derek Chen-Becker git...@chen-becker.org
Date:   Fri Mar 6 16:13:21 2009 -0700
Minor corrections and formatting on Actors section.

I believe the typo is in listing 6.36, shown below.

val menus = ... Menu(Loc(...)) :: Transaction.menus :: Nil
LiftRules.setSiteMap(SiteMap(menus : _*))

This should be using the ::: operator instead of :: because the CRUDify
menus are returned as Lists.  Using the :: would assign a List[Product]
instead of the required Seq[Menu].

It would be nice if there were some more detail surrounding the CRUDify
feature, particularly in relation to foreign keys.  I must have spent 3
hours trying to figure out how to create a selector box on the edit/create
pages, as well as output human readable output on the display pages.  It
required a combination of digging into the lift-webkit source and querying
on google with just the right text.

Thanks,
James

On Sun, Mar 8, 2009 at 5:47 PM, Derek Chen-Becker dchenbec...@gmail.com wrote:

 I'm addressing some of your notes/questions below

 On Sat, Mar 7, 2009 at 6:18 PM, Matlik james.mat...@gmail.com wrote:

   - Simply copying and pasting the commands into the command line can
 be problematic.  For example, when I tried to start the 'todo'
 tutorial, I ended up with the following.  Notice that most of the
 pasted text has a space between each letter, and the hyphen character
 is not the ascii '-' but the unicode '-' (appears longer on my
 system).


 That's odd. I just tested the most recent version that's up on the website
 with both Acroread and Evince and both of them copy text fine. The older
 version of the PDF had incorrect fonts set which would have caused the
 problem you're seeing, so could you please make sure that you have the
 latest one?



  - In general, I think it is good practice to have such documentation
 online in HTML format, particularly the quick-start and entry level
 docs.


 I agree. I'll work on putting up both an HTML and PDF version.




  - You may want to consider using page space more economically within
 the PDF doc.  There is a lot of dead white space around the text.
 This can be useful for jotting down notes, but it also requires more
 paper when printing.  Using more of the white space is good for both
 economical and ecological greenness. Granted, the StartingWithLift.pdf
 document isn't huge, but every little bit helps.


 I wonder if this is the same issue with the older PDF, since I
 significantly adjusted margins on the new one.


 4. Is there some reason why the wiki cannot provide the In Progress
 Book in PDF or HTML format?


 Yes. I'm having an issue properly exporting PDF and HTML from LyX in an
 automated fashion so we would have to manually build nightlies at this
 point. This is something I've been working on for a while, but please
 understand that setting up this infrastructure is very low on my priority
 list. Tyler, Marius and I have day jobs, do a lot of work on Lift proper,
 and are working hard to get the book ship-shape, so it didn't seem
 unreasonable to have people build it themselves. Stay tuned for more info on
 this front, and I'll put a current PDF on the github site today.

  The long and the short of it is I felt like I needed to dig and jump

 through hoops to get to the best documentation available.  All the
 information is there; it just isn't easily (or obviously) accessible
 with a few mouse clicks from the liftweb.net home page.  I am a
 persistent guy, but I do like my immediate gratification.


 Please let me know if you continue to have issues with the getting started
 docs and I'll work on the rest of the issues I discussed here.

  Derek


 





[Lift] Re: Lift's documentation

2009-03-09 Thread James Matlik
That thought did come to me, but you are correct.  I can see inconsistencies
but don't know enough to be certain I wouldn't lead others astray.  It is
also possibly work in progress that I am seeing mid-stream.

On Mon, Mar 9, 2009 at 6:43 AM, Charles F. Munat c...@munat.com wrote:


 You can actually update the wiki yourself, I think. It's probably faster
 than writing about it to the list, unless you're not sure you're correct...

 Chas.

 James Matlik wrote:
 
  I have found another inconsistency on the wiki at
  http://wiki.liftweb.net/index.php?title=HowTo_run_examples.  The wiki
  has several links for obtaining the version 1.0 example source code;
  however, only the links for downloading the WAR files work.  All the
  other links for obtaining the sources are dead.  The google code project
  doesn't even have a lift-1.0 tag in the subversion repository; lift-0.8
  appears to be the most recent.  How should code be pulled from svn?
  Should we use the lift-0.8 tag or pull from head?  Or has the code moved
  to git, so the svn repository should be considered legacy?
 
  Thanks,
  James
 
  

 

