jackrabbit-oak-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@adobe.com>
Subject Re: Security Concerns wrt Index Definitions
Date Wed, 13 Nov 2013 18:23:32 GMT
hi jukka

oak only has 2 built-in users: admin and anonymous.
we don't have an administrators group and we can't predefine
the access control content as this depends on the repository
setup... we don't and should not mandate a particular access
control model.

we could however treat the built-in index definitions as repository
internal content such as we do for the permission store. but
if we do, we should make this configurable and extensible.

kind regards
angela

On 11/13/13 6:27 PM, "Jukka Zitting" <jukka.zitting@gmail.com> wrote:

>Hi,
>
>On Wed, Nov 13, 2013 at 12:16 PM, Angela Schreiber <anchela@adobe.com>
>wrote:
>> regarding restricting permissions:
>> we should have that in the default setup instead of relying on
>> some specific user of OAK to remember to setup it. experience
>> shows that this simply doesn't work; we have to make the repository
>> secure by default.
>
>How about we restrict the default indexes in /oak:index to administrators?
>
>BR,
>
>Jukka Zitting


Mime
View raw message