Return-Path: 
 <docs-return-1763-apmail-cocoon-docs-archive=cocoon.apache.org@cocoon.apache.org>
Delivered-To: apmail-cocoon-docs-archive@cocoon.apache.org
Received: (qmail 94369 invoked by uid 500); 10 Aug 2003 09:59:52 -0000
Mailing-List: contact docs-help@cocoon.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:docs-help@cocoon.apache.org>
list-unsubscribe: <mailto:docs-unsubscribe@cocoon.apache.org>
list-post: <mailto:docs@cocoon.apache.org>
Reply-To: docs@cocoon.apache.org
Delivered-To: mailing list docs@cocoon.apache.org
Received: (qmail 94356 invoked from network); 10 Aug 2003 09:59:51 -0000
Received: from dobit2.ugent.be (HELO dobit2.rug.ac.be) (157.193.42.8)
  by daedalus.apache.org with SMTP; 10 Aug 2003 09:59:51 -0000
Received: from allserv.UGent.be (allserv.ugent.be [157.193.40.42])
	by dobit2.rug.ac.be (8.12.8/8.12.8) with ESMTP id h7AA04lZ005479
	for <docs@cocoon.apache.org>; Sun, 10 Aug 2003 12:00:04 +0200 (MEST)
Received: from otsrv1.iic.rug.ac.be (otsrv1.iic.ugent.be [157.193.121.51])
	by allserv.UGent.be (8.12.8/8.12.8) with ESMTP id h7AA03GV027969
	for <docs@cocoon.apache.org>; Sun, 10 Aug 2003 12:00:03 +0200 (MEST)
Received: from otsrv1.iic.rug.ac.be (localhost [127.0.0.1])
	by otsrv1.iic.rug.ac.be (8.11.6/8.11.6) with ESMTP id h7AA03x16302
	for <docs@cocoon.apache.org>; Sun, 10 Aug 2003 12:00:03 +0200
Date: Sun, 10 Aug 2003 12:00:03 +0200
Message-Id: <200308101000.h7AA03x16302@otsrv1.iic.rug.ac.be>
From: stevenn@outerthought.org
To: docs@cocoon.apache.org
Subject: [WIKI-UPDATE] DocsWishlist Security Sun Aug 10 12:00:03 2003
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

Page: http://wiki.cocoondev.org/Wiki.jsp?page=DocsWishlist , version: 19 on Sun Aug 10 09:10:48 2003 by JoergHeinicke

- *A page describing issues about Cocoon security, including sitemap issues such as utilising "internal-only" pipelines to prevent access to important resources (e.g. see [email discussion|http://marc.theaimsgroup.com/?l=xml-cocoon-dev&m=104561320205671]) -- [David Crossley]
+ *A page describing issues about Cocoon [security], including sitemap issues such as utilising "internal-only" pipelines to prevent access to important resources (e.g. see [email discussion|http://marc.theaimsgroup.com/?l=xml-cocoon-dev&m=104561320205671]) -- [David Crossley]
?                                        +        +



Page: http://wiki.cocoondev.org/Wiki.jsp?page=Security , version: 2 on Sun Aug 10 09:17:31 2003 by JoergHeinicke

+ * internal pipelines (not reachable from outside, but with cocoon: pseudo protocol): {{<map:pipeline internal-only="true"/>}}
+ * issues with paths, e.g. a {{showfile}} page where request param {{file}} specifies the file to show:
+ {{{
+ <map:match pattern="showfile">
+   <map:act type="request">
+     <map:parameter name="parameters" value="true"/>
+     <map:read src="{file}" mime-type="text/plain"/>
+   </map:act>
+ </map:match>
+ }}}
-