jackrabbit-oak-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukas Eder <lukas.e...@gmail.com>
Subject Re: "Secure realm" of internal APIs to prevent costly access control lookups
Date Mon, 25 Mar 2013 17:26:54 GMT
2013/3/25 Jukka Zitting <jukka.zitting@gmail.com>:
> Hi,
> On Mon, Mar 25, 2013 at 5:36 PM, Lukas Eder <lukas.eder@gmail.com> wrote:
>> Let me put it bluntly. On a Unix system, sudo is so much more useful
>> than going to the hard drive with a magnet and applying some Tesla
>> magic, to bypass access control :-)
> It is, but a Unix system does not *implement* access control with sudo.

Exactly. Sudo helps bypassing access control.

> The equivalent to sudo in JCR speak would be Session.impersonate().
> Perhaps that's more in line with what you're seeking?

It probably is (or an explicit login). But as Angela correctly pointed
out, a small but important implementation fact slipped by me in my
real use case.

Thanks for your help

View raw message