Content provided by Olaf Kock. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Olaf Kock or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.

RL022 Samuel Kong - Radio Liferay Episode 22

21:43

Yes, I know. I didn't keep my previous promise to quickly follow up with the next episode. Thus, I'm not promising again, only revealing that I'm planning to be quicker in future.

This is another episode recorded at the previous Liferay Retreat. I sat together with Samuel Kong, GM of the Chinese office and member of Liferay's security team.

As I've been carrying this recording around for quite some while, note that there have been some changes during the last year. First and foremost, we have a new community security team, which was not around at the time of the recording. I'm planning to talk to someone from that team soon (consider yourself warned if you're on that team).

Some of the topics you'll find in this episode:

  • How to file a security issue - thankfully he is consistent with what Cynthia and Michael have reported: go to issues.liferay.com, file your issue under the component "security", optionally with private visibility. If you've already done so, please check whether your issue is reproducible in the latest available version - your issue might already have been reported and fixed.
  • The OWASP (Open Web Application Security Project) site is a good resource for learning about security in web applications in general, independent of Liferay.
  • The three tools that Liferay has built in to help you prevent security issues:
    • Redirects: portal properties that configure the list of domain names and IPs Liferay is allowed to redirect to
    • CSRF: the auth token
    • XSS: the various escape methods in com.liferay.portal.kernel.util.HtmlUtil - there are so many because the correct escaping depends on the context into which the HTML text is placed. Also, the AlloyUI taglibs help a lot when you're displaying user content in forms. And also: the "escapedModel" that you can get from ServiceBuilder.
    • Bonus: SQL injection and its prevention through ServiceBuilder.
  • When to escape HTML text in order to be most flexible.
  • Sidenote: a call to extract and read the full portal.properties: a long, boring and interesting read. Oh, and the DTDs for XML files.
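Two of the points above, escaping that depends on the output context and the redirect allowlist, are easier to see in code. The following is an added example written for these show notes, not Liferay's own code: the three small escapers are stand-ins for the idea behind HtmlUtil.escape(), HtmlUtil.escapeJS() and URL encoding, and the redirect check mirrors what the redirect.url.domains.allowed property does in portal.properties without reading that property. The domain names and the user input are constructed sample values.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Set;

// Added illustration (not Liferay code): one escaper per output context,
// plus an allowlist check for redirect targets. Requires Java 11 or newer.
public class ContextEscapingDemo {

    // HTML text or attribute context: neutralise tag and entity syntax.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // JavaScript string-literal context: HTML entities mean nothing here, so
    // backslash escapes are used, and < > & become \\uXXXX so that a value can
    // never close the surrounding <script> block.
    static String escapeJsString(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '\\':     sb.append("\\\\");    break;
                case '"':      sb.append("\\\"");    break;
                case '\'':     sb.append("\\'");     break;
                case '\n':     sb.append("\\n");     break;
                case '\r':     sb.append("\\r");     break;
                case '<':      sb.append("\\u003c"); break;
                case '>':      sb.append("\\u003e"); break;
                case '&':      sb.append("\\u0026"); break;
                case '\u2028': sb.append("\\u2028"); break;
                case '\u2029': sb.append("\\u2029"); break;
                default:       sb.append(c);
            }
        }
        return sb.toString();
    }

    // URL query-parameter context: percent-encoding, a third, different rule set.
    static String escapeUrlParam(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    // Redirect allowlist: accept site-relative paths and absolute http(s) URLs
    // whose host is an allowed domain or a subdomain of one. Anything that
    // fails to parse, uses another scheme, or is protocol-relative is rejected.
    static boolean isAllowedRedirect(String target, Set<String> allowedDomains) {
        URI uri;
        try {
            uri = new URI(target);
        } catch (URISyntaxException e) {
            return false;
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        if (scheme == null && uri.getRawAuthority() == null) {
            // e.g. /web/guest/home; "//evil.test" carries an authority and is not accepted here
            return target.startsWith("/") && !target.startsWith("//");
        }
        if (scheme == null || host == null) {
            return false;
        }
        if (!scheme.equalsIgnoreCase("http") && !scheme.equalsIgnoreCase("https")) {
            return false;
        }
        String h = host.toLowerCase();
        for (String d : allowedDomains) {
            String dl = d.toLowerCase();
            if (h.equals(dl) || h.endsWith("." + dl)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample input: the same value rendered into three contexts.
        String userInput = "<script>alert('x')</script>";
        System.out.println("<p>" + escapeHtml(userInput) + "</p>");
        System.out.println("var name = '" + escapeJsString(userInput) + "';");
        System.out.println("/search?q=" + escapeUrlParam(userInput));

        // Constructed allowlist; the hostnames below are placeholders.
        Set<String> allowed = Set.of("portal.example");
        String[] targets = {
            "/web/guest/home",                    // true: site-relative path
            "https://www.portal.example/x",       // true: subdomain of an allowed domain
            "https://portal.example.evil.test/",  // false: allowed name used as a prefix
            "https://portal.example@evil.test/",  // false: allowed name in userinfo, host is evil.test
            "//evil.test/",                       // false: protocol-relative
            "javascript:alert(1)"                 // false: scheme is not http(s)
        };
        for (String t : targets) {
            System.out.println(t + " -> " + isAllowedRedirect(t, allowed));
        }
    }
}
```

The point of the three escapers is the one made in the episode: the same user string needs a different transformation depending on whether it lands in HTML text, inside a JavaScript string or in a URL, and applying the HTML escaper to a JavaScript context leaves the quote characters live. The redirect check parses the target with java.net.URI rather than matching on strings, so a hostname hidden in the userinfo part or a protocol-relative target is judged by the host the browser would actually connect to.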