databinder-11 please reconsider IDataApplication.isDataBrowserAllowed()
Created by: jla
on: 11/30/07
Updated by: jla
on: 12/1/07
Assigned to:

Hello,

Please reconsider the IDataApplication.isDataBrowserAllowed() method on the IDataApplication interface.

Some people use databinder by simply implementing the IDataApplication interface and making sure the DataRequestCycle is in place rather than extending from DataApplication.

In this configuration there is no reason to need to implement isDataBrowserAllowed(), as this purely relates to the page mounted by DataApplication and really has nothing to do with IDataApplication at all.

If you feel like such a check is needed, perhaps it’s best placed directly in DataApplication rather than in the interface itself.

Thanks


Comments

That’s interesting; I hadn’t considered that it might be an unwanted burden to implement the method. But it’s not true that the method is related only to DataApplication; the data browser page is bookmarkable and so can be accessed from any application that has it on the classpath, whether it’s mounted or not. That’s the security risk. But it just hit me that I can make that page intentionally non-bookmarkable, then subclass it within DataApplication… maybe. It might still be inadvertently accessible, I’ll have to try it out. It would be a nicer way to do it if it works. If not I can just break off this method into a second interface, so it’s not required in your application class.

But you should try the data browser some time, anyway. It’s kind of handy. ;)

That worked, it’s implemented transparently now, checked into trunk and rolled out in a snapshot. Thanks for the push!

Would you mark this as closed, please? I don’t seem to have admin privileges on my own bug tracker and I don’t want to figure out how to add them at the moment.

Thanks for the quick response

I’m sure I’ll take a look at it sooner or later, but I’d prolly extend the page to work with my authorization scheme and allow only admins to see it, so the original issue would still persist in that configuration.

I had a bit of trouble finding the edit issue link to close out this one, so mebbe xoosent could use some work… If I were you I’d look to grab a free open source license for Jira, it’s pretty nice.