cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ovidiu Predescu <>
Subject Re: [RT] Flowmaps
Date Wed, 19 Jun 2002 22:42:19 GMT
On 6/18/02 5:21 AM, "Ivelin Ivanov" <> wrote:

> Ovidiu Predescu wrote:
>> On 6/17/02 11:22 PM, "Christian Haul" <>
>> wrote:
>> I actually like the way variables are automatically bound in WebObjects,
>> where you have to explicitly define the automatic binding, by mapping an
>> instance variable to a form parameter. I was thinking to follow a similar
>> pattern, and have a way to specify that a given local variable in a function
>> is to be bound to a form parameter. In WebObjects this association is
>> totally under the control of the programmer, and the same way should be done
>> in Cocoon.
> XMLForm is already doing it.

What are you referring to? Binding request parameters to the object model?

>> Could this be a potential security problem?
> I guess Christian suggests that a malicious attacker can pass parameters
> which will modify undesired parts of the model.

There was a misunderstanding of the concept I was talking about, which in
the meantime has been solved (I posted another reply describing this). With
the originally proposed model there is no security issue, as far as I can

Ovidiu Predescu <> (Apache, GNU, Emacs...)

To unsubscribe, e-mail:
For additional commands, email:

View raw message