  • Blama
    replied
    Hi aprajita,

    It can, and it does so automatically. Please see this result for one DS from my call to /DataSourceLoader?dataSource=... (in recent 4.1p).

    Code:
    isc.DataSource.create({
        allowAdvancedCriteria:true,
        operationBindings:[
            {
                operationType:"update"
            },
            {
                operationType:"add"
            },
            {
                operationType:"remove"
            }
        ],
        serverType:"sql",
        tableCode:"660e6a52e29a8fc1a48d84c7fa2ee3e2",
        ID:"MY_ID_FROM_THE_DS_XML",
        fields:[
            {
                hidden:true,
                columnCode:"3854361464b9a2c3832c47bd39cddf54",
                name:"TENANT_ID",
                type:"integer"
            },
            {
                hidden:true,
                columnCode:"8f635513ba0e5d43d77836ba57c23dad",
                name:"LEAD_ID",
                type:"integer"
            },
            {
                title:"Reseller",
                displayField:"RESELLER_NAME",
                columnCode:"753f5ffa2e1542d0f28d4eb4bcab25e8",
                name:"RESELLER_ID",
                type:"integer"
            },
            {
                hidden:true,
                columnCode:"2582ec59e97c6010032089b939c5ba6b",
                name:"RESELLER_NAME",
                length:30,
                escapeHTML:true,
                type:"text"
            },
            {
                columnCode:"a74ec9c5b6882f79e32a8fbd8da90c1b",
                name:"DISTANCE",
                type:"float"
            }
        ]
    })
    If you don't name the DataSource ID the same as the database table, the client will never know the table name. The same goes for the field name/column name.
    See docs/serverds/DataSource.tableCode.

    @Isomorphic: There is no docs/serverds/DataSourceField.columnCode in the docs, while it is clearly used.

    Best regards,
    Blama

  • Security issue: DataSourceLoader prints details of all the datasource schema

    Hi isomorphic,

    We are using SmartGWT v2.4 {2011-06-30/PowerEdition Deployment (built 2011-06-30)

    Our application, which uses SmartGWT, was audited, and an information leakage issue was reported, which is the biggest security concern.

    Issue:
    When you include a datasource with a script tag like the one below, then do view source in Mozilla Firefox version 24 and Chrome Version 36.0.1985.125 m and click on the script tag, it prints the whole schema, which can give hackers an idea of how to exploit the website. I have attached the file which contains the tag below.

    <script src="smartgwt/sc/DataSourceLoader?dataSource=login"></script>

    The following gets printed when I did view source and clicked the above tag.

    isc.DataSource.create({
        schema:"Temp",
        tableName:"LOGIN",
        ID:"login",
        fields:[
            {
                name:"username",
                primaryKey:true,
                title:"username",
                type:"text"
            },
            {
                name:"password",
                title:"password",
                type:"text"
            },
            {
                name:"published_date",
                title:"published_date",
                type:"date"
            }
        ],
        serverType:"sql"
    })


    Solution thought:
    Changing the response returned through a filter, but the application stopped working.

    Help needed:
    Can you suggest some solution or any article to resolve this issue? Will using SmartGWT 4.1 resolve this issue? We are thinking of upgrading to resolve this issue.
    Any help would be appreciated.
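
Added example, not part of either post and not SmartGWT code: a Node.js check that parses DataSourceLoader output and reports, per DataSource, whether `tableName` or `schema` appear in clear text or whether `tableCode`/`columnCode` are emitted instead, as in the two outputs quoted in this thread. It assumes the loader emits double-quoted strings and no trailing commas; the function names and sample constants are hypothetical.

```javascript
// Added example (not SmartGWT code): audit DataSourceLoader output for schema attributes.
const LEAKY_KEYS = ["tableName", "schema"]; // clear-text attributes seen in the 2.4 output
// Return the object-literal text of every isc.DataSource.create(...) call.
function extractConfigs(js) {
  const marker = "isc.DataSource.create(";
  const configs = [];
  for (let pos = js.indexOf(marker); pos !== -1; ) {
    const start = pos + marker.length;
    let i = start, depth = 0, inString = false;
    for (; i < js.length; i++) {
      const c = js[i];
      if (inString) {
        if (c === "\\") i++; // skip the escaped character
        else if (c === '"') inString = false;
      } else if (c === '"') inString = true;
      else if (c === "(") depth++;
      else if (c === ")" && depth-- === 0) break; // paren that closes create(
    }
    configs.push(js.slice(start, i));
    pos = js.indexOf(marker, i);
  }
  return configs;
}

// Quote bare keys so the literal parses as JSON; quoted strings pass through unchanged.
function toJson(literal) {
  const token = /"(?:[^"\\]|\\.)*"|([A-Za-z_$][\w$]*)(?=\s*:)/g;
  return literal.replace(token, (m, key) => (key ? `"${key}"` : m));
}

function auditLoaderOutput(js) {
  return extractConfigs(js).map((text) => {
    const ds = JSON.parse(toJson(text));
    const fields = ds.fields || [];
    return {
      id: ds.ID,
      leaked: LEAKY_KEYS.filter((k) => k in ds).map((k) => `${k}=${ds[k]}`),
      hasTableCode: "tableCode" in ds,
      fieldsWithColumnCode: fields.filter((f) => "columnCode" in f).length,
      fieldCount: fields.length,
    };
  });
}

// Inputs abbreviated from the two loader outputs quoted in this thread.
const OLD_OUTPUT = `isc.DataSource.create({schema:"Temp",tableName:"LOGIN",ID:"login",fields:[{name:"username",primaryKey:true,type:"text"},{name:"password",type:"text"}],serverType:"sql"})`;
const NEW_OUTPUT = `isc.DataSource.create({serverType:"sql",tableCode:"660e6a52e29a8fc1a48d84c7fa2ee3e2",ID:"MY_ID_FROM_THE_DS_XML",
  fields:[{hidden:true,columnCode:"3854361464b9a2c3832c47bd39cddf54",name:"TENANT_ID",type:"integer"}]})`;
console.log(JSON.stringify(auditLoaderOutput(OLD_OUTPUT + "\n" + NEW_OUTPUT), null, 2));
```

A non-empty `leaked` array for any DataSource is the condition the audit in the original post describes.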