cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vadim Gritsenko <>
Subject Re: Possible security problem with flowscript
Date Wed, 20 Oct 2004 22:13:31 GMT
Joerg Heinicke wrote:
> On 20.10.2004 20:07, Carsten Ziegeler wrote:
>> IMHO it is simply wrong to continue a script in a sitemap where it 
>> hasn't been declared - and as soon as the flow script tries
>> to address relative resources it won't work anyway.
> But how should binding a continuation to the sitemap solve the problem? 
> You are always forced to divide your application into two parts (i.e. 
> sitemaps), one that is protected, one unprotected. Or am I wrong?

If you mean issue in subject - yes, you'll have to have two different sitemaps, 
one protected and one public. But I already mentioned this earlier in the thread.


View raw message