Posted to users@tapestry.apache.org by Wilson Ikeda <wi...@gmail.com> on 2009/12/28 18:55:41 UTC

Re: users Digest 28 Dec 2009 16:16:59 -0000 Issue 3955

One more thing to add to Peter's mail:
I'm not a security expert. I know some common exploits and how to secure
against them, but certainly these guys are much more informed than me (Spring
Security - Apache Shiro devs). That's why even on small apps that have a
face on the web I use them. Security is something that I don't want to worry
about later, nor is it my knowledge area. How many people on this list constantly go to
sites devoted to security? Excluding Kalle of course : ), JM2C.


On 12/29/09 1:16 AM, "users-digest-help@tapestry.apache.org"
<us...@tapestry.apache.org> wrote:

> From: <P....@albourne.com>
> Date: Mon, 28 Dec 2009 09:42:05 +0000 (GMT)
> To: Tapestry users <us...@tapestry.apache.org>
> Subject: Re: About T5 integration modules
> 
> Hi All,
> 
> I have been using Tapestry for the last 4-5 years, it is our company's
> framework of choice and I personally want only what's best for the framework
> and community, I want to see it grow and thrive since we are heavily invested
> in it, and I also enjoy developing with it.
> 
> A few years back Tapestry lost a lot of ground to Wicket and other frameworks
> because of backward compatibility issues, when the controversial rewrite
> (Tapestry 5) was announced... people and companies who had invested in
> Tapestry 4 felt hard done by. Tapestry 5 is perhaps one of the most
> progressive web frameworks around, but it seems Howard you only listen to your
> community once the Rubicon has already been crossed.
> 
> I had hoped that we all learned from that experience and that Tapestry will
> grow this time around, increasing the community should be the top priority, as
> there is strength in numbers, so if this means writing a few 'easy'
> integration modules and improving the docs, then what's the big deal... new
> users will appreciate it.
> 
>> I'm also a bit surprised at how eager people are to make use of
>> cumbersome solutions like Spring Security to accomplish simple tasks
>> such as protecting pages.
> I wrote my security solution from scratch using Tapestry RequestFilters, but
> even so I am surprised that you are surprised... Web frameworks should provide
> some documented security features / at least guidelines, people will obviously
> turn to Spring because there is already an integration module for Tapestry and
> they may not want to, or simply can't afford the time to do everything from
> scratch, built-in framework features are at least well tested as well, so if
> they do the job then people will feel comfortable to use them... time to
> market is very important in my book too, that's why people use web frameworks
> in the first place (i.e.: to leverage existing resources), surely you all know
> that?
> 
>> Ideally there would be a single solution for this,
>> but I've found that page security is just not a one-size-fits-all
>> solution.
> Perhaps there is some truth there, but that's no reason to ignore the problem
> entirely, there is also plenty of commonality.
> 
>> but I'd rather talk
>> about how easy it is to create your own custom extensions that work
>> precisely as you need.
> Okay I am sold, so let's have a place for the community to dump extensions /
> components and people can simply pick and customize whatever they need, and
> let's document it properly... but my major point is that Tapestry needs to grow
> and not stagnate, so getting the community more involved is the key.
> 
> Merry Christmas to all!
> Peter



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org


Re: users Digest 28 Dec 2009 16:16:59 -0000 Issue 3955

Posted by Alex Shneyderman <a....@gmail.com>.
Security by ignorance does not work in general. If you want to secure your site,
you had better know what you are doing; otherwise hire someone who can explain
how to do it, but never blindly trust anyone.

In general though, security is no rocket science, although people developing
frameworks and tools around it, purposefully or not, would make you believe
otherwise.

On Mon, Dec 28, 2009 at 6:55 PM, Wilson Ikeda <wi...@gmail.com> wrote:
> One more thing to add to Peter's mail:
> I'm not a security expert. I know some common exploits and how to secure
> against them, but certainly these guys are much more informed than me (Spring
> Security - Apache Shiro devs). That's why even on small apps that have a
> face on the web I use them. Security is something that I don't want to worry
> about later, nor is it my knowledge area. How many people on this list constantly go to
> sites devoted to security? Excluding Kalle of course : ), JM2C.
