Radio Liferay

Welcome to Radio Liferay, a peek into what is going on in Liferay from the people doing it themselves.

 

Latest Broadcast

Radio Liferay Episode 60: Performance and Permissions with Preston Crary

  An episode on the "Per" things: Performance and Permissions. I spoke to Preston Crary, who amazingly was not mad at me for losing an earlier recording.

We're talking about these (and more) topics:

  • We open with the attention to detail that's required for working on performance tuning and some short conversation about this topic.
  • Sadly, there's not often a single silver bullet, but many areas of dust.
  • Sometimes the fastest code is not the most optimal
  • Continuing with Preston's work on Permissions:
  • ResourceBlock is deprecated, and there's an easy migration path
  • The use case for Resources, ResourcePermission, and ResourceBlocks (as they're not at all visible in the UI)
  • Preston's way through Liferay from Support to working on the topics that he's now working on
  • The new API for Permissions - and the documentation is also done already (as of me writing this article, not yet published, but available on GitHub - should be a matter of days or hours)
  • Should you implement your own permission system? (and how the answer to this question might change in 7.1)
  • Upgrades are being performance tuned. I smell a future episode coming up. Paging the team that is working on this area.
  • The remarkable memory savings that refactoring the UserBag introduced
  • What happens during login
  • Passwords are hashed with PBKDF2WithHmacSHA1/160/128000, a deliberately expensive password hashing algorithm.
  • LPS-75747 and an update to my hardball question: Document Library's default.xml is still in core, can't be updated through a module, just through an ext.

Follow @RadioLiferay, Preston and me (@olafk) on Twitter.

You'll find this episode - and make sure that you don't miss any of the future episodes - by subscribing to http://feeds.feedburner.com/RadioLiferay. You can also subscribe on iTunes: Just search for "Radio Liferay" or just "Liferay" in the podcast directory. Make sure to write a review for the podcast directory of your choice - or find everything about Radio Liferay on radioliferay.com.

Or just download the MP3 here:

download audio file


Clicked the link to radioliferay.com and Chrome warned me about invalid cert...
Posted on 3/28/18 8:37 PM.
Whoops, sorry - Something went wrong in the reconfiguration of that server. Non-https works for now, it's just a forwarder to https://liferay.com/radio anyways...
Thanks for letting me know
Posted on 4/3/18 1:05 AM in reply to Dante Wang.

Tell others

If you enjoy this podcast and are subscribing on iTunes or any other aggregator: Please consider telling them how much you like it - just use their rating system. And consider leaving feedback and comments (at the shownotes, linked for each episode).

Older Episodes


Radio Liferay Episode 49: Tomáš Polešovský from Liferay's Security Team

  It's been a long time and finally... Radio Liferay is back with several episodes in the queue. Today, Tomáš Polešovský starts off by talking about Liferay's security team and its procedures, as well as his work within that team. Tom has already been a guest on Radio Liferay's ancient episode 9.

Here are some of the topics that we talked about:

  • The glorious glamorous days one has on the security team (consisting mostly of email, tickets, pull requests)
    • Different ways to make Liferay more secure
    • Gathering feedback from community and customers
    • Monitoring Liferay Forums and full disclosure mailing lists (also about the various libraries that are used in Liferay)
    • Scanning source code for problems
  • Liferay cooperates with external security researchers for penetration testing
  • Customers perform external audits as well.
  • An example of an actual audit report: 49 very alarming false positives vs. 1 real corner case
  • The security issue fixing process
  • The first security episode with Sam Kong
  • Link to community security update page. CE updates are always only against the latest GA version
  • Some low-hanging fruit in secure Liferay administration (on the fly)
    • Disable "create new accounts" if you don't want random users to create new accounts (e.g. in an intranet)
    • JSONWS access
    • Disable Control Panel, add "My Account" to user's personal pages instead
    • The "Securing Liferay" series and "Additional Resources" here
  • What will happen with Liferay 7?
  • OAuth, and the related Radio Liferay episode 44 with Stian
  • SQRL (disclaimer: I misled Tom by mispronouncing this library - he's aware, but there's no implementation - yet - for Liferay)

Follow @RadioLiferay, @topolik (Tom) and @olafk (me) on Twitter.

You'll find this episode - and make sure that you don't miss any of the future episodes - by subscribing to http://feeds.feedburner.com/RadioLiferay. You can also subscribe on iTunes: Just search for "Radio Liferay" or just "Liferay" in the podcast directory. If you like this, make sure to write a review for the podcast directory of your choice - or leave your feedback on www.liferay.com/radio.

Or just download the MP3 here:

download audio file
