cocoon-users mailing list archives

From "Andrew Stevens" <at...@hotmail.com>
Subject Re: Restrict access to parts of sitemap
Date Thu, 20 Jul 2006 18:00:14 GMT
>From: "Bertrand Delacretaz" <bdelacretaz@apache.org>
>Date: Thu, 20 Jul 2006 10:13:06 +0200
>
>On 7/19/06, 321los@gmail.com <321los@gmail.com> wrote:
>
>>...<map:match pattern="buildIndex">
>>         <map:generate src="http://localhost:8080//index.xml"/>...
>
>
>>...which means every (outside) user could be able to start the index when
>>calling buildIndex. I would like to avoid that. Question is: how? ..
>
>The clean and safest way is to use Cocoon's authentication framework
>to require authentication before accessing buildindex.
>
>But you could also:
>
>a) check the client's IP address and allow only requests from
>localhost to buildindex (if you're using a reverse proxy in front of
>Cocoon you'll get this via the X-Forwarded-For header, which you can
>check with a WildcardHeaderMatcher, but see
>http://bob.pythonmac.org/archives/2005/09/23/apache-x-forwarded-for-caveat)
>
>b) use security by obscurity and use a hard to guess URL instead of
>buildindex. It's not really safe but the risks are not very high
>either if it's just for index creation
>
>-Bertrand

Another possibility - you could always use the J2EE container-provided 
security and add a security-constraint to your web.xml for 
<url-pattern>/buildindex</url-pattern>.  That might be simpler than learning 
the authentication framework or acegi if you don't need to authenticate users in 
the rest of your site.


Andrew.
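
The container-managed constraint suggested in this message could look like the following web.xml fragment. This is an added example, not part of the original post; it assumes the sitemap is mounted at the webapp root, and the role name `indexer` and the realm name are hypothetical.

```xml
<!-- Added example: fragment for WEB-INF/web.xml, placed inside <web-app>. -->
<!-- Assumptions: the sitemap is mounted at the webapp root; the role name
     "indexer" and the realm name are hypothetical placeholders. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Index builder</web-resource-name>
    <!-- url-pattern matching is case-sensitive. The sitemap quoted above
         matches "buildIndex", so both spellings are listed here. -->
    <url-pattern>/buildIndex</url-pattern>
    <url-pattern>/buildindex</url-pattern>
    <!-- No <http-method> elements on purpose: the constraint then applies
         to every HTTP method, not only GET and POST. -->
  </web-resource-collection>
  <auth-constraint>
    <!-- Only authenticated users holding this role reach the pipeline. -->
    <role-name>indexer</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Index administration</realm-name>
</login-config>

<security-role>
  <role-name>indexer</role-name>
</security-role>
```

The user and its role are defined in the servlet container's own user realm, not in Cocoon. BASIC authentication sends the credentials base64-encoded on every request, so it should only be used over TLS or on a trusted network segment.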


