mugle-dev team mailing list archive

Thread
Date

[Bug 730086] Re: Add Serializable classes of model to be passed by GWT RPC

To: mugle-dev@xxxxxxxxxxxxxxxxxxx
From: Matt Giuca <730086@xxxxxxxxxxxxxxxxxx>
Date: Wed, 09 Mar 2011 08:43:07 -0000
Reply-to: Bug 730086 <730086@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

> I personally don't see a security issue since only the desired values are passed back to the client.
Right. If only the desired values are passed back to the client, then there is no security *vulnerability*.

I say security "issue" since I would be concerned that if any one
mistake was made in selecting which fields to set to null, then we would
be leaking information to the client. In other words, it seems a bit too
flimsy.

The main concern is just that the code for doing this will have to be
written specially for each field of each class. I would feel better
about it if there was some generic code which handles all the logic for
selecting which fields to null out. Is there?

-- 
You received this bug notification because you are a member of MUGLE
Developers, which is subscribed to MUGLE.
https://bugs.launchpad.net/bugs/730086

Title:
  Add Serializable classes of model to be passed by GWT RPC

Status in Melbourne University Game-based Learning Environment:
  New

Bug description:
  Write serializable versions of each of the model classes to be passed
  over by GWT RPC so they can be accessed by the client side of the
  platform;  Should only have getters (and setters ?), and should only
  contain information the client side should be able to see (so there'll
  need to be 2 versions of some of the model classes according to the
  public/private nature denoted in the Platform View)

References

[Bug 730086] [NEW] Add Serializable classes of model to be passed by GWT RPC
From: Scott Ritchie, 2011-03-06