jackrabbit-dev mailing list archives

From Tobias Strasser <tobias.stras...@gmail.com>
Subject Re: litmus results
Date Fri, 01 Apr 2005 06:00:02 GMT
well, the server just populates the exceptions from the jcr170 api.
most of the 'access denieds' result in an 'itemnotfound' or
'pathnotfound' exception, since an AccessDeniedException would reveal
too much information.

for example, if you have:

/a/doument
/a/secret_document

and you issue: A.getNode("secret_document") and you have no read
permission for this item, you would get an ItemNotFound, same as for
A.getNode("foo"). If it would throw an AccessDenied for the
secret_document and an ItemNotFound for the 'foo', that would be too
much information revealed.

cheers, tobi

On Apr 1, 2005 12:55 AM, Brian Moseley <bcm@osafoundation.org> wrote:
> Angela Schreiber wrote:
> 
> > thanks a lot.
> >
> > i will send you a commented list back, as soon as i'm
> > through... i will spend some time on the locking, since
> > jackrabbit now has the locking part built in.
> 
> excellent, thank you!
> 
> one other behavior i noted today was that when a user doesn't have
> permission to view a repository item, the webdav response code is 404,
> not 403 as i'd expect. any thoughts on this?
> 


-- 
------------------------------------------< tobias.strasser@day.com >---
Tobias Strasser, Day Management AG, Barfuesserplatz 6, CH - 4001 Basel
T +41 61 226 98 98, F +41 61 226 98 97 
-----------------------------------------------< http://www.day.com >---
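
A minimal model of the behaviour described in the message above, added here as an illustration and not Jackrabbit's own code: the names `HiddenNodeDemo`, `Node`, `PathNotFound` and `status`, the users, and the sample tree are hypothetical. A child the caller cannot read and a child that does not exist leave `getNode` through the same exit, so a WebDAV layer built on it answers 404 for both.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Toy in-memory model, not Jackrabbit code; every name here is hypothetical.
public class HiddenNodeDemo {
    static class PathNotFound extends Exception {
        PathNotFound(String path) { super("no such item: " + path); }
    }

    static class Node {
        final String path;
        final Set<String> readers;                    // users allowed to read this node
        final Map<String, Node> children = new HashMap<>();

        Node(String path, Set<String> readers) { this.path = path; this.readers = readers; }

        void add(String name, Set<String> readers) {
            children.put(name, new Node(path + "/" + name, readers));
        }

        // Missing child and unreadable child share one exit: same exception type,
        // and a message built only from the path the caller already supplied.
        Node getNode(String user, String name) throws PathNotFound {
            Node child = children.get(name);
            if (child == null || !child.readers.contains(user)) {
                throw new PathNotFound(path + "/" + name);
            }
            return child;
        }
    }

    // Status a WebDAV front end would send: 200 if readable, 404 otherwise (never 403).
    static int status(Node parent, String user, String name) {
        try { parent.getNode(user, name); return 200; }
        catch (PathNotFound e) { return 404; }
    }

    public static void main(String[] args) {
        Node a = new Node("/a", Set.of("alice", "bob"));   // constructed sample tree
        a.add("document", Set.of("alice", "bob"));
        a.add("secret_document", Set.of("alice"));         // bob has no read permission
        for (String user : new String[] {"bob", "alice"}) {
            for (String name : new String[] {"document", "secret_document", "foo"}) {
                System.out.println(user + " GET /a/" + name + " -> " + status(a, user, name));
            }
        }
    }
}
```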
