plugin replaces index.gsp and ships with DdcController.groovy (security risk)

[GoogleCodeExporter]

The _install script renames the current index.gsp and replaces it with one that 
has the UI to create domain classes dynamically. This is cool for a demo, but 
it only makes sense if you haven't edited your index.gsp yet. Most applications 
will have customized it heavily.

Instead I'd suggest a new script that users can run after install which creates 
a new GSP (with a different name that they choose) and also copies 
DdcController.groovy to the project's grails-app/controllers directory instead 
of being in the plugins's controllers directory. I think most users don't want 
DdcController.groovy - it's good mostly for a demo.

DdcController.groovy is actually a significant security risk since it's 
auto-mapped to the /appname/ddc URL and unless it's protected with security 
will allow any user to create new domain classes.

Original issue reported on code.google.com by burtbeck...@gmail.com on 20 Nov 2010 at 2:38

[GoogleCodeExporter]

Yes, it is created for demo purpose. Thanks for your suggestion, I will create 
a better demo on next release.

Original comment by limchee...@ymail.com on 30 Dec 2010 at 3:08

[GoogleCodeExporter]

Created install-ddc-demo script to install the demo app. 0.3 released.

Original comment by limchee...@ymail.com on 19 Feb 2011 at 10:14

• Changed state: Fixed