| Author |
Message |
|
| Guest |
 Posted: Mon Jan 14, 2008 4:08 am |
 |
|
|
Guest
|
What's the easiest way to determine if a method is being called directly
from a client (web browser) or embedded as a sub component as part of
another call?
Jeff.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "erlyweb" group.
To post to this group, send email to erlyweb@googlegroups.com
To unsubscribe from this group, send email to erlyweb-unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/erlyweb?hl=en
-~----------~----~----~----~------~----~------~--~---
Post recived from mailinglist |
|
|
| Back to top |
|
| Guest |
| Posted: Mon Jan 14, 2008 6:09 am |
|
|
|
Guest
|
jm wrote:
> What's the easiest way to determine if a method is being called directly
> from a client (web browser) or embedded as a sub component as part of
> another call?
Had a thought about this just as I'm about to walk out the door. Would
something like the following, untested code, be a good way to do this?
is_embedded(A, Module) ->
EWC = erlyweb:get_ewc(A),
error_logger:info_msg("ewc => ~p, ~p~n",
[element(2, EWC), element(3, EWC)]),
case EWC of
{ewc, Controller, View, _FuncName, _Params} when
Controller =:= Module orelse
View =:= Module -> false;
_ -> true
end.
Jeff.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "erlyweb" group.
To post to this group, send email to erlyweb@googlegroups.com
To unsubscribe from this group, send email to erlyweb-unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/erlyweb?hl=en
-~----------~----~----~----~------~----~------~--~---
Post recived from mailinglist |
|
|
| Back to top |
|
| Guest |
| Posted: Mon Jan 14, 2008 7:03 am |
|
|
|
Guest
|
There is no generic way of doing it because ErlyWeb doesn't pass any
information down to subcomponents aside from the information that the
parent component passes. You can explicitly pass a flag from the
parent component to the subcomponent. Out of curiosity, why would you
want to do it?
On Jan 13, 2008 8:09 PM, jm <jeffm@ghostgun.com> wrote:
>
> What's the easiest way to determine if a method is being called directly
> from a client (web browser) or embedded as a sub component as part of
> another call?
>
>
> Jeff.
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "erlyweb" group.
To post to this group, send email to erlyweb@googlegroups.com
To unsubscribe from this group, send email to erlyweb-unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/erlyweb?hl=en
-~----------~----~----~----~------~----~------~--~---
Post recived from mailinglist |
|
|
| Back to top |
|
| Guest |
| Posted: Mon Jan 14, 2008 10:40 am |
|
|
|
Guest
|
Yariv Sadan wrote:
> There is no generic way of doing it because ErlyWeb doesn't pass any
> information down to subcomponents aside from the information that the
> parent component passes. You can explicitly pass a flag from the
> parent component to the subcomponent. Out of curiosity, why would you
> want to do it?
>
It doesn't really matter for what I'm playing with at the moment but it
occurred to me that I must have written some methods that assume being
encased in other components and don't know what the effect would be if
called directly, eg, have I checked the parameters for sane values or is
it open to being a path that a cracker could exploit. Alternatively, if
the method is being used as a sub-component (probably a better term than
embedded) I can skip some checks and lighten the load on the database.
Doing this could result in a 20% or more reduction in database queries.
This could lead to more readable code also as I wouldn't have to have on
method called embedded_show/2 and show/2, but as both methods are
exported both are open to the world. Perhaps, what's really needs is
something like,
-erlyweb_component([
new/1,
edit/2,
show/2
]).
-erlyweb_subcomponent([
embedded_edit/2,
embedded_show/2
]).
need better terms than component and subcomponent. How about,
export_world and export_app_only.
Jeff.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "erlyweb" group.
To post to this group, send email to erlyweb@googlegroups.com
To unsubscribe from this group, send email to erlyweb-unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/erlyweb?hl=en
-~----------~----~----~----~------~----~------~--~---
Post recived from mailinglist |
|
|
| Back to top |
|
| ketralnis |
| Posted: Tue Jan 15, 2008 5:04 pm |
|
|
|
User
Joined: 20 Jul 2007
Posts: 151
Location: San Francisco, CA
|
> What's the easiest way to determine if a method is being called
> directly
> from a client (web browser) or embedded as a sub component as part of
> another call?
My solution has been to not do that.
I have some top-level controller functions, which are only ever called
by URLs, and some components, which are only ever called as {ewc}s.
I've thought about separating them into separate controllers entirely,
but haven't done so because, for now at least, it's clear which is
which.
All top-level controller functions return {result}, even if they don't
have to, so that I can look at a glance and see which one is, and all
components take entire objects (like a comment or post record) instead
of their IDs. It's kept it straight for me so far.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "erlyweb" group.
To post to this group, send email to erlyweb@googlegroups.com
To unsubscribe from this group, send email to erlyweb-unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/erlyweb?hl=en
-~----------~----~----~----~------~----~------~--~---
Post recived from mailinglist |
|
|
| Back to top |
  
|
| Guest |
| Posted: Wed Jan 16, 2008 5:56 am |
|
|
|
Guest
|
I have had a similar need but I didn't actually prevent these methods
from being exported -- I just gave them names that crackers aren't
likely to guess -- not great for security but good enough for me at
the moment. I think your suggestion makes sense, though, because it's
not always convenient to create new components just for the private
functions. I'll add it to the todo list, unless you want to implement
it yourself.
Yariv
> It doesn't really matter for what I'm playing with at the moment but it
> occurred to me that I must have written some methods that assume being
> encased in other components and don't know what the effect would be if
> called directly, eg, have I checked the parameters for sane values or is
> it open to being a path that a cracker could exploit. Alternatively, if
> the method is being used as a sub-component (probably a better term than
> embedded) I can skip some checks and lighten the load on the database.
> Doing this could result in a 20% or more reduction in database queries.
> This could lead to more readable code also as I wouldn't have to have on
> method called embedded_show/2 and show/2, but as both methods are
> exported both are open to the world. Perhaps, what's really needs is
> something like,
>
>
> -erlyweb_component([
> new/1,
> edit/2,
> show/2
> ]).
>
> -erlyweb_subcomponent([
> embedded_edit/2,
> embedded_show/2
> ]).
>
> need better terms than component and subcomponent. How about,
> export_world and export_app_only.
>
>
>
> Jeff.
>
>
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "erlyweb" group.
To post to this group, send email to erlyweb@googlegroups.com
To unsubscribe from this group, send email to erlyweb-unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/erlyweb?hl=en
-~----------~----~----~----~------~----~------~--~---
Post recived from mailinglist |
|
|
| Back to top |
|
| Guest |
| Posted: Wed Jan 16, 2008 11:22 am |
|
|
|
Guest
|
Yariv Sadan wrote:
> I have had a similar need but I didn't actually prevent these methods
> from being exported -- I just gave them names that crackers aren't
> likely to guess -- not great for security but good enough for me at
> the moment. I think your suggestion makes sense, though, because it's
> not always convenient to create new components just for the private
> functions. I'll add it to the todo list, unless you want to implement
> it yourself.
>
mmm, the down side I can see to this approach is that erlyweb could end
up looking like Java or c# - over verbose. I'll try and take a look at
it tomorrow. No promises of course. First thoughts are that it really
only needs a -erlyweb_public() as the internals should be allowed to
call what ever it wants.
At the moment I'm driving myself mad rewriting a user management module
over and over again as I keep changing my mind on how to do it and keep
getting destracted by every possible edge case. The last time I tried
this I threw my hand up at the registration part and kept working on
another part of the application before I ended up shelving it as I had
to work on something else. Just starting to get back into it after
someone mentioned they were after something similar. Doing this may be a
good idea as I'll get a better idea of how the internals of erlyweb are
layed out. You'll have to make sure to heavily review the code though.
Jeff.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "erlyweb" group.
To post to this group, send email to erlyweb@googlegroups.com
To unsubscribe from this group, send email to erlyweb-unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/erlyweb?hl=en
-~----------~----~----~----~------~----~------~--~---
Post recived from mailinglist |
|
|
| Back to top |
|
|
|
All times are GMT
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum
|
|
|
Digg It
Del.icio.us
Reddit
Facebook
Stumble Upon
Technorati
