[Seaside] Strategies for bulky renders/updates

radoslav hodnicak rh at 4096.sk
Sun Mar 13 17:56:29 UTC 2011


Well I don't plan to use database IDs on the page directly - for one
they are like 20+ characters long (UUIDs), so that would defeat some
of the reasons for doing this (less data sent over the wire), and yes
it's a security hole. I'm just going to have an element id <-> object
mapping on the server, which isn't really different from having
callback IDs embedded in the html.

rado

On Sun, Mar 13, 2011 at 6:26 PM, Milan Mimica <milan.mimica at gmail.com> wrote:
> Johan Brichau wrote:
>>
>> * Register the click events on each applicable html element such that they
>> call the previously defined javascript function:
>>
>>        html listItem
>>                onClick: (JSStream on: 'clickAction($(this).id)');
>>                with: [ ... ]
>>
>
> I was thinking about the same problem just today. A potential problem is
> that it leaks IDs into HTML. One could easily guess a valid ID which maps to
> a database object which he normally wouldn't have access to. Hm... unless
> you take special care to obfuscate the ID.
>
>
>
> --
> Milan Mimica
> http://sparklet.sf.net
>
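
The element id <-> object mapping described in the top message, as an added sketch that is not code from this thread or from Seaside. It is written in Python rather than Smalltalk, and every name in it (`ElementRegistry`, `render_list`, `click_action`, the sample rows) is an assumption made for illustration.

```python
import html

# Constructed sample rows; the UUIDs stand in for long database ids.
SAMPLE_ROWS = [
    {"uuid": "00000000-0000-0000-0000-000000000001", "title": "Invoice 1"},
    {"uuid": "00000000-0000-0000-0000-000000000002", "title": "Invoice 2"},
    {"uuid": "00000000-0000-0000-0000-000000000003", "title": "Invoice 3"},
]


class ElementRegistry:
    """One instance per user session: short element id -> server-side object."""

    def __init__(self):
        self._objects = {}
        self._counter = 0

    def register(self, obj):
        """Called while rendering; returns the short id written into the HTML."""
        self._counter += 1
        element_id = "e%d" % self._counter
        self._objects[element_id] = obj
        return element_id

    def resolve(self, element_id):
        """Only ids handed out by this session's own render resolve to anything."""
        if element_id not in self._objects:
            raise PermissionError("unknown element id: %r" % (element_id,))
        return self._objects[element_id]


def render_list(registry, visible_rows):
    """Render only the rows this user may see; the database UUID never leaves the server."""
    return [
        '<li id="%s">%s</li>' % (registry.register(row), html.escape(row["title"]))
        for row in visible_rows
    ]


def click_action(registry, element_id):
    """Server side of clickAction(id): the lookup is scoped to the caller's registry."""
    return registry.resolve(element_id)


if __name__ == "__main__":
    alice = ElementRegistry()
    print(render_list(alice, SAMPLE_ROWS[:2]))
    print(click_action(alice, "e1")["uuid"])
```

Guessing another short id gains nothing here, because an id resolves only to an object that was already rendered for that same session.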

