cocoon-users mailing list archives

From Sylvain Wallez <>
Subject Re: cocoon-view as possible security problem? (fwd)
Date Fri, 21 Mar 2003 12:04:41 GMT
Tony Collen wrote:

>forwarding this to -users because I am having a little bit of lag and
>mistyped the address the first time :P

Have a look at my answer on cocoon-dev :


>---------- Forwarded message ----------
>Date: Thu, 20 Mar 2003 16:14:31 -0500 (EST)
>From: Tony Collen <>
>Subject: cocoon-view as possible security problem?
>Browsing the livesites, on a whim I tried this URL:
>and it worked!  Obviously someone deploying Cocoon should be aware that
>this view is "on" by default, and may reveal data in your page you might
>not want.  I have yet to see "bad" data get exposed, but there's always
>the possibility.
>Do we want the views turned off by default, and have a message in the
>sitemap about enabling the views?  Would it make more sense to have
>the name of the "cocoon-view" parameter be able to be changed via
>configuration?  Say I wanted the parameter to be my-view instead of
>cocoon-view.  Security through obscurity?
>To unsubscribe, e-mail:
>For additional commands, e-mail:

Sylvain Wallez                                  Anyware Technologies 
{ XML, Java, Cocoon, OpenSource }*{ Training, Consulting, Projects }
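
An added example, not part of the original thread or of Cocoon itself: one way for an operator to check, from web server access logs, whether the `cocoon-view` parameter discussed above is being requested and served on a deployment. The log lines, addresses, paths and view names are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (Common Log Format); hosts, paths and view names are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [20/Mar/2003:16:10:02 -0500] "GET /index.html HTTP/1.1" 200 5120
192.0.2.10 - - [20/Mar/2003:16:10:09 -0500] "GET /index.html?cocoon-view=content HTTP/1.1" 200 8841
198.51.100.7 - - [20/Mar/2003:16:11:30 -0500] "GET /docs/faq.html?lang=en&cocoon%2Dview=links HTTP/1.1" 200 932
198.51.100.7 - - [20/Mar/2003:16:12:01 -0500] "GET /private/report?cocoon-view=content HTTP/1.1" 404 210
203.0.113.5 - - [20/Mar/2003:16:13:44 -0500] "GET /search?q=cocoon-view HTTP/1.1" 200 1500
"""

# client, method, request target and status code of one Common Log Format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def find_view_requests(log_text, param="cocoon-view"):
    """Return (client, path, view, status) for each request carrying the view parameter."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        # parse_qsl percent-decodes parameter names, so "cocoon%2Dview" is matched too
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == param:
                hits.append((client, url.path, value, int(status)))
    return hits


def served_views(hits):
    """Count view names that were actually served (2xx responses)."""
    return Counter(view for _c, _p, view, status in hits if 200 <= status < 300)


if __name__ == "__main__":
    hits = find_view_requests(SAMPLE_LOG)
    for client, path, view, status in hits:
        print(f"{status} {client} {path} view={view}")
    print(dict(served_views(hits)))
```

The `param` argument covers the case raised in the thread where the parameter name is made configurable.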
