cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Geoff Howard" <coc...@leverageweb.com>
Subject RE: Stefano's changes
Date Sun, 27 Apr 2003 18:58:27 GMT
OK, I'll do my best to recover the logic:

It was part of Stefano's overhaul of the upload stuff - cvs 
comment (or was it in an email?) explained for security.  It  
does make sense even if it's a pain.  That's why Chris' (I 
think it was him) addition to the sample warning about the 
new setting default was necessary.

Stefano has an RT that he's waiting on until after 2.1 pushing 
toward what sounds like a control layer out in front of the 
processing that would give finer-grained control over things 
like uploads, webdav, etc. that require more raw access to the 
real request (and response?).  He mentioned it on list a few 
weeks ago.

Point of that is that for now there is no good solution that is 
both convenient and doesn't open up potential holes, so locked 
down is probably better even if some samples won't work with the 
default config.

Geoff

> -----Original Message-----
> From: Vadim Gritsenko [mailto:vadim.gritsenko@verizon.net]
> Sent: Sunday, April 27, 2003 2:12 PM
> To: cocoon-dev@xml.apache.org
> Subject: Re: Stefano's changes
> 
> 
> Geoff Howard wrote:
> 
> >huh? how will allow-reload break upload samples? 
> >  
> >
> 
> Good question. Me puzzled too  >8-O
> 
> 
> But how come that enable-uploads is false by default?
> 
> Vadim
> 
> 
> 
> 

Mime
View raw message