cocoon-dev mailing list archives

From Leszek Gawron <lgaw...@mobilebox.pl>
Subject Re: Possible security problem with flowscript
Date Wed, 20 Oct 2004 18:33:51 GMT
Carsten Ziegeler wrote:

> "Leszek Gawron" <lgawron@mobilebox.pl> wrote:
> 
>>Carsten Ziegeler wrote:
>>
>>
>>>Which is not a good place to discuss :)
>>
>>So I will repeat my proposal here. My idea is to implement (nearly done) 
>>a continuations manager that has 3 levels of security:
>>- standard (current functionality)
>>- continuations invalidated along with session, still the continuation 
>>is reachable from other sessions (or no session at all)
>>- fully isolated. Only the session that created the continuation can 
>>access it.
>>
>>For my web applications I would surely go for full isolation so I 
>>would like to have this option in cocoon core (so I do not have to patch 
>>every one of my projects).
>>
>>Is there any sense to bind continuations to the sitemap? Vadim?
>>
> 
> Yes, I really think so. IMHO it is simply wrong to continue a script in a 
> sitemap where it hasn't been declared - and as soon as the flow script tries
> to address relative resources it won't work anyway.
Just one more question: should this be an option to maintain compatibility?

-- 
Leszek Gawron                                      lgawron@mobilebox.pl
Project Manager                                    MobileBox sp. z o.o.
+48 (61) 855 06 67                              http://www.mobilebox.pl
mobile: +48 (501) 720 812                       fax: +48 (61) 853 29 65
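
The three levels proposed in this message, together with the sitemap binding discussed in the reply, modelled as an added JavaScript example (not part of the original message and not Cocoon's code). The class, the mode names and the session and sitemap values are hypothetical; refusing callers without a session in isolated mode is an assumption.

```javascript
// Added illustration: a toy continuations manager, not Cocoon's own implementation.
const crypto = require("node:crypto");

// Hypothetical names for the three levels proposed in the message.
const Mode = Object.freeze({
  STANDARD: "standard",           // current behaviour: the id alone grants access
  SESSION_BOUND: "session-bound", // dies with its session, but any caller may use it
  ISOLATED: "isolated",           // only the creating session may use it
});

class ContinuationStore {
  constructor(mode) {
    this.mode = mode;
    this.entries = new Map(); // continuation id -> { owner, sitemap, state }
  }

  // sessionId may be null when the flow was started without a session.
  create(sessionId, sitemap, state) {
    const id = crypto.randomBytes(16).toString("hex"); // unguessable id
    this.entries.set(id, { owner: sessionId, sitemap, state });
    return id;
  }

  // Called when a session expires or is invalidated (for example on logout).
  invalidateSession(sessionId) {
    if (this.mode === Mode.STANDARD) return 0; // continuations outlive the session
    let removed = 0;
    for (const [id, entry] of this.entries) {
      if (entry.owner === sessionId) {
        this.entries.delete(id);
        removed++;
      }
    }
    return removed;
  }

  // Returns the saved state, or null when the continuation is unknown or refused.
  lookup(id, callerSessionId, callerSitemap) {
    const entry = this.entries.get(id);
    if (!entry) return null;
    // Sitemap binding from the thread: resume only where the script was declared.
    if (entry.sitemap !== callerSitemap) return null;
    // Assumption: in isolated mode a caller without a session never matches.
    if (this.mode === Mode.ISOLATED &&
        (callerSessionId == null || entry.owner !== callerSessionId)) return null;
    return entry.state;
  }
}
```

With the same continuation id, only the isolated store refuses a second session, and only the standard store still resolves the id after the owning session has been invalidated.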
