chemistry-dev mailing list archives

From Florian Müller (JIRA) <j...@apache.org>
Subject [jira] [Commented] (CMIS-893) getRepositories on browser binding repository url
Date Tue, 03 Mar 2015 09:59:04 GMT

    [ https://issues.apache.org/jira/browse/CMIS-893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14344849#comment-14344849 ]

Florian Müller commented on CMIS-893:
-------------------------------------

I don't see security implications. If the user can access the repository, he can always call
{{http://localhost:8080/browser/something?cmisselector=repositoryInfo}} to get the repository
info. This URL must be supported.

The alternative response would be an error message like this:
{code}
{
    "exception": "notSupported",
    "message": "Unknown operation"
}
{code}

I don't think that is less confusing.

> getRepositories on browser binding repository url
> -------------------------------------------------
>
>                 Key: CMIS-893
>                 URL: https://issues.apache.org/jira/browse/CMIS-893
>             Project: Chemistry
>          Issue Type: Bug
>          Components: opencmis-server
>    Affects Versions: OpenCMIS 0.12.0
>            Reporter: Michael Brackx
>            Assignee: Florian Müller
>
> An HTTP GET on a repository URL returns a getRepositories response.
> This can be confusing and have security implications.
> Example curl:
> {code}
> curl http://localhost:8080/browser/something
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
