Grails

Value of "transients" GORM property is not inherited by subclasses

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Critical Critical
  • Resolution: Fixed
  • Affects Version/s: 1.1.1
  • Fix Version/s: 1.2-M4
  • Component/s: None
  • Labels:
    None

Description


If class B extends A and A has declared some transients in the static transients property, class B must also declare these or the GrailsDomainClass exposes the transient properties in the persistentProperties list - and presumably also serializes these.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Marc Palmer added a comment -

This is a potential security problem as transients are often used for values such as credit card numbers or passwords, but are not actually saved to the database. This could be causing information leakage for people who have not checked the schema and produced in the DB.

Show
Marc Palmer added a comment - This is a potential security problem as transients are often used for values such as credit card numbers or passwords, but are not actually saved to the database. This could be causing information leakage for people who have not checked the schema and produced in the DB.
Hide
Permalink
Lari Hotari added a comment -

Fixed in this commit: http://github.com/grails/grails/commit/14ef14b96f25591e8fc56619c998b32532b9c1f3 .

GrailsDomainClass API should include a method "List<GrailsDomainClass> getSuperClasses()". It would make the implementation cleaner.

Show
Lari Hotari added a comment - Fixed in this commit: http://github.com/grails/grails/commit/14ef14b96f25591e8fc56619c998b32532b9c1f3 . GrailsDomainClass API should include a method "List<GrailsDomainClass> getSuperClasses()". It would make the implementation cleaner.
Hide
Permalink
Graeme Rocher added a comment -

Bulk closing bunch of resolved issues

Show
Graeme Rocher added a comment - Bulk closing bunch of resolved issues

People

Vote (5)
Watch (1)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.1#660-r161644) | Report a problem
Powered by a free Atlassian JIRA open source license for Grails project. Try JIRA - bug tracking software for your team.