> -----Original Message-----
> From: Stefano Mazzocchi [mailto:stefano@apache.org]
> Sent: Monday, October 27, 2003 6:06 AM
> To: James Developers List
> Cc: dev@cocoon.apache.org; forrest-dev@xml.apache.org; lenya-
> dev@cocoon.apache.org
>
>
> On Sunday, Oct 26, 2003, at 23:33 Europe/Rome, Noel J. Bergman wrote:
>
> >> He's not questioning whether it's encrypted. His point is, doco sends
> >> an email to an address, and you respond. It gives very little
> >> control,
> >> even if there is a compromise.
> >
> > AIUI, the proposed solution would allow "anyone" to edit content, and
> > contribute it as a "patch". Content could include defacements,
> > changes to
> > .htaccess, and CGI scripts.
>
> nah, dude, look: doco has a very precise editing access point. You can
> *ONLY* modify xml content. So, changes to .htaccess, CGI scripts,
> servlet upload, sql injection, cross-site-scripting, and you next
> favorite attack will NOT work because the system prevents it by design
> [not saying it cannot happen, but if it does it's a bug, not a faulty
> design]
FWIW, I agree. Perhaps the submit goes to a well-formedness check (or even
better?, schema/dtd validation). If it fails, it doesn't even enter the
approval process. Perhaps a notification email is sent describing that an
invalid submittal was sent. The user is returned an error page saying the
post was rejected, in case it was just a mistake.
On another note, can images/PDFs/other-binaries be uploaded?
-Rob
|