Johannes

But does not writing actions imply the need for a whole bunch of custom code ... and could this not be avoided by using "standard" Cocoon components ...

OK, so I am lazy, but I would like to do the minimum work to achieve the maximum results, and it does seem that DB interaction in Cocoon requires massive amounts of engineering and custom code - or else having to learn other, massive apps (Hibernate, Spring, etc) before you even start.

There MUST be a simple, secure solution for straightforward CRUD apps that is just waiting for a lazy - but bright and determined - developer to write --> a framework that is lightweight (and I *do* mean lightweight - ideally drop a few jars into the Cocoon workspace that are wrappers for whatever external technology might be needed - and then be able to write a few [a *few*] config files from which pretty much *everything* is generated; including client-side Javascript as an option).

Just a dream - maybe.... :-)

Derek

<<< [EMAIL PROTECTED] 2005/10/03 08:40 PM >>>

Hi Ralph,

> Johannes,
> If you actually do this you will be creating a website with a big
> security hole. Anyone would be able to send fake requests to your
> server with bogus data. Client side validation is nice - it gives a
> faster response to the user and does take a load off the server as
> only valid requests SHOULD make it to the server. However, the server
> must still also perform data validation as someone could log in and
> then start sending bogus requests to you.

I see your point, but the mentioned pipeline resides in a subdirectory which is protected via the authentication framework. Furthermore, all requests are checked for integrity and validity before execution (in the custom actions), to avoid data loss in case that something weird happens on the client side. So I think this is no less secure than CForms validation, for example.

Regards,
Johannes
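
The server-side check discussed in this thread, as an added example that is not part of the original messages and is not Cocoon code: plain JavaScript (runnable under Node) that re-validates every request parameter even though the sender is authenticated and the browser may already have validated the form. The schema, field names and the `validateUpdate` function are assumptions made for illustration.

```javascript
// Hypothetical schema for one CRUD "update" request; field names are assumptions.
const SCHEMA = {
  id:       { required: true,  check: v => /^[1-9]\d{0,8}$/.test(v) },
  email:    { required: true,  check: v => v.length <= 254 && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(v) },
  quantity: { required: true,  check: v => /^\d{1,3}$/.test(v) && +v >= 1 && +v <= 100 },
  status:   { required: false, check: v => ['open', 'closed'].includes(v) },
};

// Validate raw request parameters on the server. Every value is treated as an
// untrusted string, whether or not the sender is logged in and whether or not
// the browser-side checks ran.
function validateUpdate(params) {
  const errors = [];
  const clean = {};
  // Reject parameters the form never offers instead of silently ignoring them.
  for (const name of Object.keys(params)) {
    if (!Object.prototype.hasOwnProperty.call(SCHEMA, name)) {
      errors.push(`unexpected field: ${name}`);
    }
  }
  for (const [name, rule] of Object.entries(SCHEMA)) {
    const value = params[name];
    if (value === undefined || value === '') {
      if (rule.required) errors.push(`missing field: ${name}`);
    } else if (typeof value !== 'string' || !rule.check(value)) {
      // Non-strings cover repeated parameters that arrive as arrays.
      errors.push(`invalid field: ${name}`);
    } else {
      clean[name] = value;
    }
  }
  return errors.length ? { ok: false, errors } : { ok: true, value: clean };
}

// Constructed sample requests, both sent from an authenticated session.
const fromForm = { id: '42', email: 'user@example.org', quantity: '3', status: 'open' };
const handCrafted = { id: '42', email: 'x', quantity: '-5', role: 'admin' };

console.log(validateUpdate(fromForm));     // accepted, cleaned values returned
console.log(validateUpdate(handCrafted));  // rejected with one error per problem
```

Only the `value` object of an accepted result should reach the database layer; a rejected request is refused as a whole rather than partially applied.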
