cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leszek Gawron <>
Subject Re: Possible security problem with flowscript
Date Wed, 20 Oct 2004 17:15:40 GMT
Carsten Ziegeler wrote:

>>-----Original Message-----
>>From: Vadim Gritsenko [] 
>>Sent: Wednesday, October 20, 2004 3:23 PM
>>Subject: Re: Possible security problem with flowscript
>>Carsten Ziegeler wrote:
>>>So what are we going to do about this?
>>Discussion of this mostly moved to bugzilla #31676.
> Which is not a good place to discuss :)
So I will repeat my proposal here. My idea is to implement (nearly done) 
a continuations manager that has 3 levels of security:
- standard (current functionality)
- continuations invalidated along with session, still the continuation 
is reachable from other sessions (or no session at all)
- fully isolated. only the session that created the continuation can 
access it.

For my web applications I would surely go for for full isolation so I 
would like to have this option in cocoon core (so I do not have to patch 
every of my projects).

Is there any sense to bind continuations to the sitemap? Vadim?

I am very eager to provide a new production quality continuations 
manager as soon as the final solution gets agreed upon.

Leszek Gawron                            
Project Manager                                    MobileBox sp. z o.o.
+48 (61) 855 06 67                    
mobile: +48 (501) 720 812                       fax: +48 (61) 853 29 65

View raw message