incubator-esme-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Richard Hirsch <hirsch.d...@gmail.com>
Subject Re: Deleting user from access pool
Date Wed, 30 Sep 2009 08:58:26 GMT
@Xuefeng why don't you try it?

D.

On Wed, Sep 30, 2009 at 10:48 AM, Xuefeng Wu <benewu@gmail.com> wrote:
> I'm sorry, you mean Vassil or me?
>
> On Wed, Sep 30, 2009 at 4:43 PM, Richard Hirsch <hirsch.dick@gmail.com>wrote:
>
>> I've created a JIRA item for this topic
>> (https://issues.apache.org/jira/browse/ESME-87) - the JIRA item is a
>> little misleading but it is basically deleting users from pools.
>>
>> You've already worked on access pools. Maybe you'd like to work on this?
>>
>> Thanks.
>>
>> D.
>>
>> On Wed, Sep 30, 2009 at 9:59 AM, Vassil Dichev <vdichev@apache.org> wrote:
>> >> Should we allow for a user to be deleted from an access pool?
>> >>
>> >> If yes what happens? Does he no longer have access to the messages in
>> >> the pool - irregardless of whether he wrote them or not?
>> >
>> > It should be possible to delete a user, yes. I think it has been
>> > discussed or specified in the requirements pdf that once a message is
>> > in the user's mailbox, it stays there, so that's how it works now. At
>> > any rate, deleting a message from the mailbox, which the user may have
>> > already seen doesn't offer any more security. A user also doesn't see
>> > messages in his/her mailbox, which were sent before he was added to
>> > the pool.
>> >
>> > The interesting part is what happens if a pool has been removed and
>> > whether it should be possible at all. This could pose a security
>> > problem if an impostor creates a pool with the same name (similar to
>> > what might happen with a deleted user account)
>> >
>>
>
>
>
> --
> Global R&D Center,Shanghai China,Carestream Health, Inc.
> Tel:(86-21)3852 6101
>

Mime
View raw message