cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joerg Heinicke <joerg.heini...@gmx.de>
Subject Re: Possible security problem with flowscript
Date Wed, 20 Oct 2004 22:38:45 GMT
On 21.10.2004 00:13, Vadim Gritsenko wrote:

>>> IMHO it is simply wrong to continue a script in a sitemap where it 
>>> hasn't been declared - and as soon as the flow script tries
>>> to address relative resources it won't work anyway.
>>
>> But how should binding a continuation to the sitemap solve the 
>> problem? You are always forced to divide your application into two 
>> parts (i.e. sitemaps), one that is protected, one unprotected. Or am I 
>> wrong?
> 
> If you mean issue in subject - yes, you'll have to have two different 
> sitemaps, one protected and one public. But I already mentioned this 
> earlier in the thread.

Ah, sorry, seems I have missed it. I'm not reading the lists that 
intensively at the moment.

Joerg

Mime
View raw message