Quinton McCombs wrote:

I have implemented the fix mentioned in the previous message.  There is
one small difference...

I ended up saving everything that would be serialized into the
OBJECT_DATA column on session unbind.  This could pose a *small* problem
for anyone using the permData hashtable for storage of extra data.

I think the OBJECT_DATA column should be removed ... it's easy to extend the user object ...

martin


If no one objects to this, I will commit the changes in the next few
days.


-----Original Message-----
From: Quinton McCombs
Sent: Friday, January 03, 2003 2:36 PM
To: Turbine Developers List
Subject: Discussion on TTWS30 - Session unbind causes TURBINE_USER to be updated


I ran across this because of a simple problem. My application allows admin users to update information about the user. It also allows a user to do simple things like change their password.

I noticed that although the new password was written to the database, the changes were overwritten when the user logged out. It turns out that this is not a newly discovered problem either. There is already a proposal (http://jakarta.apache.org/turbine/turbine-2/proposals/security-service.html) that discusses a solution to this very problem.

Does anyone see a problem with this? The only issue that I could find
was persistent pull tools. They would need to be saved as well. Does
anyone even use them??

--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>

