cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leszek Gawron <>
Subject Re: Possible security problem with flowscript
Date Wed, 20 Oct 2004 18:33:51 GMT
Carsten Ziegeler wrote:

> "Leszek Gawron" <> wrote:
>>Carsten Ziegeler wrote:
>>>Which is not a good place to discuss :)
>>So I will repeat my proposal here. My idea is to implement (nearly done) 
>>a continuations manager that has 3 levels of security:
>>- standard (current functionality)
>>- continuations invalidated along with session, still the continuation 
>>is reachable from other sessions (or no session at all)
>>- fully isolated. only the session that created the continuation can 
>>access it.
>>For my web applications I would surely go for for full isolation so I 
>>would like to have this option in cocoon core (so I do not have to patch 
>>every of my projects).
>>Is there any sense to bind continuations to the sitemap? Vadim?
> Yes, I really think so. IMHO it is simply wrong to continue a script in a 
> sitemap where it hasn't been declared - and as soon as the flow script tries
> to address relative resources it won't work anyway.
Just one more question: should this be an option to maintain compatibility?

Leszek Gawron                            
Project Manager                                    MobileBox sp. z o.o.
+48 (61) 855 06 67                    
mobile: +48 (501) 720 812                       fax: +48 (61) 853 29 65

View raw message