Tap 4 can be done the same with pageValidate.

On 11/10/05, Damian Krzeminski <[EMAIL PROTECTED]> wrote:
> Patrick Casey wrote:
> >
> > <snip>
> > Now, in theory, I'm vulnerable to a malicious user who could
> > gain a user account and then submit synthetic directlinks referencing admin
> > type resources. Just because my gui didn't render him a link to the
> > administrator's user record doesn't mean that he can't type one in; it's
> > just a string of letters and numbers. I can't do security based on link
> > structure because, as I mentioned, both users and admins often have exactly
> > the same physical link structure, rather I have to do it based on content.
> >
>
> In Tapestry 3.0 (not sure about 4.x) pageValidate is called by DirectService
> (which is used to implement DirectLinks), so if you have authorization code
> there, your direct links might be made inaccessible to less privileged users.
> If you have "border-like" component that is used by all your pages you use
> its pageValidate to implement simple role based authentication.
>
> Damian
>
> > <snip>
> >
> > --- Pat
>
--
~chris

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
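
The border-component approach described in the quoted reply, sketched against the Tapestry 3.0 API as an added example that is not code from any poster in this thread. The `Visit` and `RoleProtected` interfaces and the page names `Login` and `AccessDenied` are assumptions made for illustration.

```java
import org.apache.tapestry.BaseComponent;
import org.apache.tapestry.PageRedirectException;
import org.apache.tapestry.event.PageEvent;
import org.apache.tapestry.event.PageValidateListener;

// Hypothetical session object (the application's "visit").
interface Visit {
    boolean isLoggedIn();
    boolean hasRole(String role);
}

// Hypothetical marker: a page that needs more than a login names the role.
interface RoleProtected {
    String getRequiredRole();
}

public class Border extends BaseComponent implements PageValidateListener {

    // Runs once when the component is loaded into its page: hook the page's
    // validation so every page wrapped by this Border gets the same check.
    protected void finishLoad() {
        getPage().addPageValidateListener(this);
    }

    public void pageValidate(PageEvent event) {
        String name = event.getPage().getPageName();
        // Assumed page names; these must stay reachable or the redirects loop.
        if ("Login".equals(name) || "AccessDenied".equals(name)) {
            return;
        }
        // getVisit() returns null when no visit has been created yet.
        Object v = event.getPage().getEngine().getVisit();
        if (!(v instanceof Visit) || !((Visit) v).isLoggedIn()) {
            throw new PageRedirectException("Login");
        }
        // The decision uses the server-side session, never the link itself.
        if (event.getPage() instanceof RoleProtected) {
            String role = ((RoleProtected) event.getPage()).getRequiredRole();
            if (!((Visit) v).hasRole(role)) {
                throw new PageRedirectException("AccessDenied");
            }
        }
    }
}
```

This gate is page-level only. Where users and admins share a page and differ only in which record the link parameters name, the listener that loads the record still has to check the caller's rights to that specific record.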
