Kalle Korhonen-2 wrote
> 
> On Tue, Mar 20, 2012 at 9:44 AM, Beat Durrer <bdurrer@> wrote:
>> Since T5 still can't predict the future (pfff!), you need to set the
>> reference to the user yourself :)
>> There are several ways to do this...
>> So, all your CreateGame page needs is the user - right?
>> Then let's add a page activation context:
> 
> Current user as the activation context for createGame? Doesn't look
> too secure - obviously you can still do that if you put proper checks
> in place but it's unnecessary especially if the owner of the newly
> created game is always the currently logged in user.
> 
> I'd typically do this by creating a lightweight CurrentUser Session
> State Object that stores an id of the user entity (perhaps name,
> username as well since you often need those)....
> 

Kalle, can you tell me why using the User object is not secure, and why
using a "CurrentUser" state object is a better idea? I'd like some more
information about the risks involved.

--
View this message in context: 
http://tapestry.1045711.n5.nabble.com/Understanding-Entities-with-Entities-in-the-Tapestry-Framework-tp5579217p5583445.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
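
The design contrast raised in this thread, as an added example that is not part of the original messages: a page activation context is read from the request URL, while a Session State Object is held in the server-side session. The sketch below takes the game's owner from the session only; the fields of `CurrentUser`, the `GameService` interface and the `Login`/`Index` page names are assumptions, and the Tapestry 5 libraries are assumed to be on the classpath.

```java
// Added illustration; CurrentUser, GameService and the page names are hypothetical.
import java.io.Serializable;
import org.apache.tapestry5.annotations.Property;
import org.apache.tapestry5.annotations.SessionState;
import org.apache.tapestry5.ioc.annotations.Inject;

public class CreateGame {

    // Session State Object: kept in the HttpSession and filled in at login,
    // so the client cannot choose its contents by editing the URL.
    @SessionState(create = false)
    private CurrentUser currentUser;

    // Tapestry convention: set to true when the SSO above exists in the session.
    private boolean currentUserExists;

    @Inject
    private GameService gameService; // hypothetical service that persists the Game

    @Property
    private String gameName;

    // No user id in the activation context; anonymous requests go to the login page.
    Object onActivate() {
        return currentUserExists ? null : "Login";
    }

    // The owner comes from the server-side session, never from request data.
    Object onSuccess() {
        gameService.createGame(gameName, currentUser.getUserId());
        return "Index";
    }
}

// Lightweight SSO holding the entity id and username, not the User entity itself.
// In a real project this lives outside the pages package.
class CurrentUser implements Serializable {
    private final long userId;
    private final String username;

    CurrentUser(long userId, String username) {
        this.userId = userId;
        this.username = username;
    }
    long getUserId() { return userId; }
    String getUsername() { return username; }
}

interface GameService { void createGame(String gameName, long ownerId); }
```

If the user id were instead accepted through `onActivate(Long userId)`, the page would need an explicit check that the id matches the logged-in user before using it as the owner.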
