archiva-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wendy Smoak" <wsm...@gmail.com>
Subject Re: Access denied WebDAV repository
Date Sat, 05 May 2007 04:06:07 GMT
On 3/27/07, Joakim Erdfelt <joakim@erdfelt.com> wrote:

> This is a confusing mess of roles ATM.
>
> You just pointed out a flaw in the design of the security.
>
> The roles that the Guest user has are not copied (or linked) to new users.
>
> It is quite possible for new users to have *LESS* permission than a
> guest (anonymous) user!
>
> I just discussed this with my partner in security crime, Jesse
> McConnell, and we are working on a solution to this oversight.

Can you please summarize the discussion, what you considered and
discarded, and what you ultimately decided on?  That kind of
information is important to have in the archives.

-- 
Wendy

Mime
View raw message