cocoon-users mailing list archives

From 321...@gmail.com
Subject Re: Restrict access to parts of sitemap
Date Thu, 20 Jul 2006 20:09:22 GMT
Hello,
thanks to both of you for the answers. Will look into it tomorrow; now it's
time for my beauty sleep. ;)
Marco


2006/7/20, Andrew Stevens <ats37@hotmail.com>:
>
> >From: "Bertrand Delacretaz" <bdelacretaz@apache.org>
> >Date: Thu, 20 Jul 2006 10:13:06 +0200
> >
> >On 7/19/06, 321los@gmail.com <321los@gmail.com> wrote:
> >
> >>...<map:match pattern="buildIndex">
> >>         <map:generate src="http://localhost:8080//index.xml"/>...
> >
> >
> >>...which means every (outside) user could be able to start the index when
> >>calling buildIndex. I would like to avoid that. Question is: how? ..
> >
> >The clean and safest way is to use Cocoon's authentication framework
> >to require authentication before accessing buildindex.
> >
> >But you could also:
> >
> >a) check the client's IP address and allow only requests from
> >localhost to buildindex (if you're using a reverse proxy in front of
> >Cocoon you'll get this via the X-Forwarded-For header, which you can
> >check with a WildcardHeaderMatcher, but see
> >http://bob.pythonmac.org/archives/2005/09/23/apache-x-forwarded-for-caveat)
> >
> >b) use security by obscurity and use a hard to guess URL instead of
> >buildindex. It's not really safe but the risks are not very high
> >either if it's just for index creation
> >
> >-Bertrand
>
> Another possibility - you could always use the J2EE container-provided
> security and add a security-constraint to your web.xml for
> <url-pattern>/buildindex</url-pattern>.  That might be simpler than learning
> the authentication framework or acegi if you don't need to authenticate users
> in the rest of your site.
>
>
> Andrew.
>
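
The container-managed option from the quoted reply, written out as an added example (not code from the thread or from the Cocoon project). It assumes the buildIndex pipeline sits in the webapp's root sitemap and that BASIC authentication against the container's user realm is acceptable; the role name index-admin and the realm name are hypothetical.

```xml
<!-- Added example: goes inside <web-app> in WEB-INF/web.xml, after the
     servlet-mapping entries. Role and realm names are hypothetical. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Index rebuild</web-resource-name>
    <!-- Relative to the webapp context root and matched case-sensitively:
         it must equal the sitemap pattern "buildIndex", not "buildindex". -->
    <url-pattern>/buildIndex</url-pattern>
    <!-- No <http-method> elements, so the constraint covers every method. -->
  </web-resource-collection>
  <auth-constraint>
    <!-- Only users holding this role in the container realm may call it. -->
    <role-name>index-admin</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Cocoon maintenance</realm-name>
</login-config>

<security-role>
  <role-name>index-admin</role-name>
</security-role>
```

BASIC sends the password base64-encoded on every request, so if the URL is reachable over plain HTTP from outside, add a user-data-constraint with transport-guarantee CONFIDENTIAL to the same security-constraint.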
