From: Ugo Cei
To: cocoon-dev@xml.apache.org
Date: Mon, 26 May 2003 21:58:01 +0200
Subject: Re: Views Internal-Only [Re: [RT] XMLForm]

Stefano Mazzocchi wrote:

> I don't know if you noticed but Linotype, for example, has a security
> hole exactly because of the above: this means that anybody can write
> stuff on my weblog if they can understand how.

;-( I'm not sure this is possible, since the view won't have any model passed to it if it's called directly. Or maybe I'm missing something ... anyway, I'm glad that you agree with me ;-).

Ugo