> I would like to have the hashing and validation code on the server to take > that power away from the client.
Good idea. > Is it as simple as setting a pre-persist and post-load hook and only > implementing them on the server? Yep, callbacks are the way to solve this. Andrus > On Apr 16, 2016, at 6:27 PM, Adam Boyle <abo...@valsphere.com> wrote: > > Is it as simple as setting a pre-persist and post-load hook and only > implementing them on the server? > > ________________________________________ > From: Adam Boyle <abo...@valsphere.com> > Sent: Saturday, April 16, 2016 10:48 AM > To: user@cayenne.apache.org > Subject: ROP: perform action server-side before commit/fetch > > Is there a way to add a server-side hook in an ROP setup that allows you to > perform an action before a record is committed or before it is fetched to > alter a flag on the record before it is sent to the client? > > > Here is my use-case: I have records that need to be electronically signed. My > implementation of the signing process involves calculating a hash of a > record's data (and the data of important foreign records) and attaching that > hash to the signature record. On fetch a signed record would then validate > its signature record's hash to ensure no data has changed since it was > signed. Currently this is all done on the client side before committing to > the server or after fetching. In reality this is bad practice as it gives the > client the power to decide how the signature is generated and validated. I > would like to have the hashing and validation code on the server to take that > power away from the client. > > > My hope is that I can put a pre-commit hook on the server objects that checks > for a link to a Signature object and performs the hashing and storage of the > hash. Upon fetch I would like the server-side to validate the hash and set a > flag on the Signature object that is then sent to the client. > > > Does this sound feasible? > > > Thanks, > > Adam
