cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ugo Cei <u....@cbim.it>
Subject Re: [Proposal] Implementing XMLForm with Flow
Date Tue, 10 Dec 2002 08:31:21 GMT
Konstantin Piroumian wrote:
> Yes, this should work. But I'd prefer to avoid passing the function name as
> parameter. What about this version:
>     <map:match pattern="someUri/*">
>       <map:call function="checkLogin">
>         <map:parameter name="funarg" value="{1}"/>
>       </map:call>
>     </map:match>

Which is a security nightmare, since you are allowing any logged-in user 
to execute ANY function in your flowscript.

> Or an alternate version with nested matchers:
> 
>     <map:match pattern="private/**">
>       <map:call function="checkLogin">
>         <map:parameter name="funarg" value="checkout"/>
>       </map:call>
>       <map:match pattern="checkout">
>         <map:call function="checkout">
>       </map:match>
>       <map:match pattern="checkin">
>         <map:call function="checkin">
>       </map:match>
>     </map:match>

Much better IMHO.

	Ugo

-- 
Ugo Cei - http://www.beblogging.com/blog/


---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org


Mime
View raw message