[Seaside] Strategies for bulky renders/updates

radoslav hodnicak rh at 4096.sk
Sun Mar 13 17:56:29 UTC 2011

Well I don't plan to use database IDs on the page directly - for one
they are like 20+ characters long (UUIDs), so that would defeat some
of the reasons for doing this (less data sent over the wire), and yes
it's a security hole. I'm just going to have an element id <-> object
mapping on the server, which isn't really different from having
callback IDs embedded in the html.


On Sun, Mar 13, 2011 at 6:26 PM, Milan Mimica <milan.mimica at gmail.com> wrote:
> Johan Brichau wrote:
>> * Register the click events on each applicable html element such that they
>> call the previously defined javascript function:
>>        html listItem           onClick: (JSStream on:
>> 'clickAction($(this).id)');
>>                with: [ ... ]
> A was thinking about the same problem just today. A potential problem is
> that it leaks IDs into HTML. One could easily guess a valid ID which maps to
> a database object which he normally wouldn't have access to. Hm... unless
> you take special care to obfuscate the ID.
> --
> Milan Mimica
> http://sparklet.sf.net
> _______________________________________________
> seaside mailing list
> seaside at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

More information about the seaside mailing list