cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ulrich Mayring <u...@denic.de>
Subject Re: draft final version of the esql namespace
Date Thu, 09 Nov 2000 10:10:14 GMT
Donald Ball wrote:
> 
> okay, so what happens if two xsp pages choose the same pool name?

Then they both access the same pool - is this a problem?

> or what
> happens if a malicious xsp page attempts to get a connection from a
> privileged pool by guessing its name?

This is a shortcoming of the current design. You can guess a name or
look it up in cocoon.properties. But if you designed a pool such that
password and username have to be supplied dynamically, this problem goes
away.

Ulrich

-- 
Ulrich Mayring
DENIC eG, Systementwicklung

Mime
View raw message