Radio Liferay
Welcome to Radio Liferay, a peek into what is going on in Liferay from the people doing it themselves.

Radio Liferay Episode 60: Performance and Permissions with Preston Crary
An episode on the "Per" things: Performance and Permissions. I spoke to Preston Crary, who amazingly was not mad at me for losing an earlier recording.
We're talking about these (and more) topics:
- We open with the attention to detail that's required for working on performance tuning and some short conversation about this topic.
- Sadly, there's not often a single silver bullet, but many areas of dust.
- Sometimes the fastest code is not the most optimal
- Continuing with Preston's work on Permissions:
- ResourceBlock is deprecated, and there's an easy migration path
- an example upgrade path for bookmarks
- The use case for Resources, ResourcePermission, and ResourceBlocks (as they're not at all visible in the UI)
- Preston's way through Liferay from Support to working on the topics that he's now working on
- The new API for Permissions - and the documentation is also done already (as of me writing this article, not yet published, but available on GitHub - should be a matter of days or hours)
- And an example: The implementation of this API in Journal
- more documentation on registering and checking permissions
- Should you implement your own permission system? (and how the answer to this question might change in 7.1)
- Upgrades are being performance tuned. I smell a future episode coming up. Paging the team that is working on this area
- The remarkable memory savings that refactoring the UserBag introduced
- What happens during login
- Passwords are PBKDF2WithHmacSHA1/160/128000 hashed, a deliberately expensive password hashing algorithm.
- LPS-75747 and an update to my hardball question: Document Library's default.xml is still in core, can't be updated through a module, just through an ext.
Follow @RadioLiferay, Preston and me (@olafk) on Twitter.
You'll find this episode - and make sure that you don't miss any of the future episodes - by subscribing to http://feeds.feedburner.com/RadioLiferay. You can also subscribe on iTunes: just search for "Radio Liferay" or just "Liferay" in the podcast directory. Make sure to write a review for the podcast directory of your choice - or find everything about Radio Liferay on radioliferay.com.
Or just download the MP3 here:
Older Episodes
Radio Liferay Episode 49: Tomáš Polešovský from Liferay's Security Team
It's been a long time and finally... Radio Liferay is back with several episodes in the queue. Today, Tomáš Polešovský starts off by talking about Liferay's security team and its procedures as well as his work within that team. Tom has already been a guest on Radio Liferay's ancient episode 9.
Here are some of the topics that we talked about:
- The glorious, glamorous days one has on the security team (consisting mostly of email, tickets, pull requests)
- Different ways to make Liferay more secure
- Gathering feedback from community and customers
- Monitoring Liferay Forums and full disclosure mailing lists (also about the various libraries that are used in Liferay)
- Scan source code for problems
- Liferay cooperates with external security researchers for penetration testing
- Customers perform external audits as well.
- An example of an actual audit report: 49 very alarming false positives vs. 1 real corner case
- The security issue fixing process
- The first security episode with Sam Kong
- Link to community security update page. CE updates always only against the latest GA version
- Some low-hanging fruit in secure Liferay administration (on the fly)
- Disable "create new accounts" if you don't want random users to create new accounts (e.g. in an intranet)
- JSONWS access
- Disable Control Panel, add "My Account" to user's personal pages instead
- The securing Liferay series and "additional Resources" here
- What will happen with Liferay 7?
- OAuth, and the related Radio Liferay episode 44 with Stian
- SQRL (disclaimer: I misled Tom by mispronouncing this library - he's aware, but there's no implementation - yet - for Liferay)
Follow @RadioLiferay, @topolik (Tom) and @olafk (me) on Twitter.
You'll find this episode - and make sure that you don't miss any of the future episodes - by subscribing to http://feeds.feedburner.com/RadioLiferay. You can also subscribe on iTunes: just search for "Radio Liferay" or just "Liferay" in the podcast directory. If you like this, make sure to write a review for the podcast directory of your choice - or leave your feedback on www.liferay.com/radio.
Or just download the MP3 here: