cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Carsten Ziegeler" <>
Subject Re: Possible security problem with flowscript
Date Wed, 20 Oct 2004 18:07:05 GMT
"Leszek Gawron" <> wrote:
> Carsten Ziegeler wrote:
> > 
> > Which is not a good place to discuss :)
> So I will repeat my proposal here. My idea is to implement (nearly done) 
> a continuations manager that has 3 levels of security:
> - standard (current functionality)
> - continuations invalidated along with session, still the continuation 
> is reachable from other sessions (or no session at all)
> - fully isolated. only the session that created the continuation can 
> access it.
> For my web applications I would surely go for for full isolation so I 
> would like to have this option in cocoon core (so I do not have to patch 
> every of my projects).
> Is there any sense to bind continuations to the sitemap? Vadim?
Yes, I really think so. IMHO it is simply wrong to continue a script in a 
sitemap where it hasn't been declared - and as soon as the flow script tries
to address relative resources it won't work anyway.

> I am very eager to provide a new production quality continuations 
> manager as soon as the final solution gets agreed upon.


View raw message