
  • Restrict binding "getter" calls by return type class

    We recently found out that a rack of developers haven't been specifying binding properly in their controllers and webflows (allowable fields and binding tags). We also noticed that they have put some "convenience methods" on some of their models, which, if you know the code, could get-get-get-get you back to some sensitive information you're not supposed to set. Is there any way to limit the "getters" binding calls by their return type? We have a couple of classes for PhoneNumber and ZipCode, which are composite POJOs for those entities...

    I'd like to make sure we limit the return types of the "getters" to those, AND ONLY THOSE, and avoid the case where someone mistakenly put a convenience method to something like... oh, say... DatabaseConfiguration, and exposed the ability to "set" (i.e., reset) the URL called by all of our database connections.

    I would go through and put on all the binders myself, but there are sooooo many of them with this issue. To avoid anything malicious happening before I get done, I was wondering if there was a quick way to limit this through configuration.

    Thanks for your time. Greatly appreciated!
    Last edited by daveb1040; Oct 21st, 2012, 01:30 AM.
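
The check asked about above, sketched as an added example that is not part of the original post: it walks a dotted binding path with the JDK's `java.beans.Introspector` and refuses the path unless every intermediate getter returns an allowlisted type. The `Customer` class, its property names and the `isAllowed` helper are constructed for illustration, and wiring the check into the framework's binder is not shown.

```java
import java.beans.IntrospectionException;
import java.beans.Introspector;
import java.beans.PropertyDescriptor;
import java.util.Set;

public class NestedPathAllowlist {
    // Constructed stand-ins for the model classes named in the post.
    public static class PhoneNumber {
        private String areaCode;
        public String getAreaCode() { return areaCode; }
        public void setAreaCode(String v) { areaCode = v; }
    }
    public static class DatabaseConfiguration {
        private String url;
        public String getUrl() { return url; }
        public void setUrl(String v) { url = v; }
    }
    public static class Customer {
        private final PhoneNumber phone = new PhoneNumber();
        public PhoneNumber getPhone() { return phone; }
        // The kind of "convenience method" that makes a sensitive object reachable.
        public DatabaseConfiguration getDatabaseConfiguration() { return new DatabaseConfiguration(); }
    }

    // Only these types may be walked through on the way to the field being set.
    static final Set<Class<?>> TRAVERSABLE = Set.of(PhoneNumber.class);

    /** True only if every intermediate getter returns an allowlisted type and the leaf has a setter. */
    static boolean isAllowed(Class<?> root, String path) throws IntrospectionException {
        String[] segments = path.split("\\.", -1);   // -1 keeps empty segments so "a." fails closed
        Class<?> current = root;
        for (int i = 0; i < segments.length; i++) {
            PropertyDescriptor match = null;
            for (PropertyDescriptor pd : Introspector.getBeanInfo(current).getPropertyDescriptors()) {
                if (pd.getName().equals(segments[i])) match = pd;
            }
            if (match == null) return false;          // unknown or indexed segment: fail closed
            if (i == segments.length - 1) return match.getWriteMethod() != null;
            Class<?> next = match.getPropertyType();
            if (next == null || !TRAVERSABLE.contains(next)) return false;
            current = next;
        }
        return false;
    }

    public static void main(String[] args) throws IntrospectionException {
        for (String p : new String[] {"phone.areaCode", "databaseConfiguration.url", "class.name"}) {
            System.out.println(p + " -> " + (isAllowed(Customer.class, p) ? "bind" : "reject"));
        }
    }
}
```

Paths using indexed or mapped syntax are rejected here because the segment does not match a plain property name; supporting them would mean allowlisting the element type as well.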