© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
> I personally don't see a security issue since only the desired values are passed back to the client.
Right. If only the desired values are passed back to the client, then there is no security *vulnerability*.
I say security "issue" since I would be concerned that if any one mistake was made in selecting which fields to set to null, then we would be leaking information to the client. In other words, it seems a bit too flimsy.
The main concern is just that the code for doing this will have to be written specially for each field of each class. I would feel better about it if there was some generic code which handles all the logic for selecting which fields to null out. Is there?