cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ovidiu Predescu <ovi...@apache.org>
Subject Re: [RT] Flowmaps
Date Wed, 19 Jun 2002 22:42:19 GMT
On 6/18/02 5:21 AM, "Ivelin Ivanov" <ivelin@apache.org> wrote:

> Ovidiu Predescu wrote:
>> On 6/17/02 11:22 PM, "Christian Haul" <haul@dvs1.informatik.tu-darmstadt.de>
>> wrote:
> 
> 
>> I actually like the way variables are automatically bound in WebObjects,
>> where you have to explicitly define the automatic binding, by mapping an
>> instance variable to a form parameter. I was thinking to follow a similar
>> pattern, and have a way to specify that a given local variable in a function
>> is to be bound to a form parameter. In WebObjects this association is
>> totally under the control of the programmer, and the same way should be done
>> in Cocoon.
> 
> XMLForm is already doing it.

What are you referring to? Binding request parameters to the object model?

>> Could this be a potential security problem?
> 
> I guess Christian suggests that a malicious attacker can pass parameters
> which will modify undesired parts of the model.

There was a misunderstanding of the concept I was talking about, which in
the meantime has been solved (I posted another reply describing this). With
the originally proposed model there is no security issue, as far as I can
tell.

Greetings,
-- 
Ovidiu Predescu <ovidiu@apache.org>
http://www.geocities.com/SiliconValley/Monitor/7464/ (Apache, GNU, Emacs...)



---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org


Mime
View raw message