[Glass] Help defining gemstone users for a multi-user app

Mariano Martinez Peck marianopeck at gmail.com
Wed Jan 8 10:45:07 PST 2014


Thanks all for the support and help. So... to conclude, this is what I
will do:

- Investigate how to create stones and start with a stone-per-site basis
instead of multi-user.
- Create my own DataCurator-like user for my app, say 'adminUserX'. This
step is not mandatory, but I kind of like it.
- Make sure UserGlobals of 'adminUserX' is only read/written by that user
(I need to investigate how to do that).
- I will do both: load code and run Seaside gems with the user 'adminUserX'.
- I will add validation or something to the rules defined by the user.
Likely, I will write my own rule language and yes, I could use PetitParser
maybe.

Thanks guys,



On Wed, Jan 8, 2014 at 3:32 PM, Martin McClure <
martin.mcclure at gemtalksystems.com> wrote:

> Hi Mariano,
>
> Running multiple stones is quite a bit easier than setting up a
> multi-user stone. And, as Dale pointed out, it makes coordinating
> upgrades easier. So you might consider doing that first, then maybe
> considering a multi-user stone later if you see any advantage.
>
> I agree with James about allowing arbitrary Smalltalk code to come over
> the wire and be executed on the server. This *will* be exploitable. If
> you think it's not, tell me the scheme you're thinking of using and I'll
> break it for you. :-)
>
> Defining your own rule language and parsing that would be more work (but
> not all *that* much work) but would be much safer.
>
> Regards,
>
> -Martin
>



-- 
Mariano
http://marianopeck.wordpress.com
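
The approach recommended in the quoted reply, parsing a dedicated rule language instead of executing Smalltalk sent over the wire, sketched as an added example that is not part of the original thread. Python is used for illustration; the grammar, the field names, and the names `evaluate`, `tokenize` and `RuleError` are assumptions.

```python
import operator
import re

# Constructed grammar: rule := term ('or' term)*; term := cmp ('and' cmp)*; cmp := FIELD OP LITERAL
ALLOWED_FIELDS = {"amount", "country", "age"}  # hypothetical record fields
OPS = {"==": operator.eq, "!=": operator.ne, "<=": operator.le,
       ">=": operator.ge, "<": operator.lt, ">": operator.gt}
TOKEN = re.compile(r"\s*(?:(?P<num>\d+)|'(?P<str>[^']*)'|(?P<op>[=!<>]=|[<>])|(?P<word>[A-Za-z_]\w*))")

class RuleError(ValueError):
    """Raised for any input that falls outside the rule grammar."""

def tokenize(text):
    tokens, pos, text = [], 0, text.strip()
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:  # message sends, brackets, colons etc. stop here
            raise RuleError(f"unexpected input at offset {pos}")
        pos, kind = m.end(), m.lastgroup
        tokens.append((kind, int(m[kind]) if kind == "num" else m[kind]))
    return tokens

def evaluate(rule, record):
    """Evaluate `rule` against `record` without ever calling eval/exec."""
    tokens, pos = tokenize(rule), 0

    def take(*kinds):
        nonlocal pos
        if pos >= len(tokens) or tokens[pos][0] not in kinds:
            raise RuleError(f"expected {'/'.join(kinds)} at token {pos}")
        pos += 1
        return tokens[pos - 1][1]

    def comparison():
        field = take("word")
        if field not in ALLOWED_FIELDS:  # only named data, never arbitrary attributes
            raise RuleError(f"field {field!r} is not allowed")
        op, literal = OPS[take("op")], take("num", "str")
        if type(record[field]) is not type(literal):
            raise RuleError(f"type mismatch on {field!r}")
        return op(record[field], literal)

    def chain(operand, keyword, combine):
        value = operand()
        while pos < len(tokens) and tokens[pos] == ("word", keyword):
            take("word")
            value = combine(value, operand())  # operand() always runs, so the whole rule is validated
        return value

    result = chain(lambda: chain(comparison, "and", operator.and_), "or", operator.or_)
    if pos != len(tokens):
        raise RuleError("trailing input after rule")
    return result
```

The evaluator can only compare allowlisted fields against literals, so a submitted rule has no way to send messages, reach other objects, or touch anything outside the record it is given.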