Kalle Korhonen-2 wrote > > On Tue, Mar 20, 2012 at 9:44 AM, Beat Durrer <bdurrer@> wrote: >> Since T5 still can't predict the future (pfff!), you need to set the >> reference to the user yourself :) >> There are several ways to do this... >> So, all your CreateGame page needs is the user - right? >> Then let's add an page activation context: > > Current user as the activation context for createGame? Doesn't look > too secure - obviously you can still do that if you put proper checks > in place but it's unnecessary especially if the owner of the newly > created game is always the currently logged in user. > > I'd typically do this by creating a lightweight CurrentUser Session > State Object that stores an id of the user entity (perhaps name, > username as well since you often need those).... >
Kalle, can you tell my why using the User object is not secure, and why using a "CurrentUser" state object is a better idea? I'd like some more information about the risks involved. -- View this message in context: http://tapestry.1045711.n5.nabble.com/Understanding-Entities-with-Entities-in-the-Tapestry-Framework-tp5579217p5583445.html Sent from the Tapestry - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org