jackrabbit-oak-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jukka Zitting <jukka.zitt...@gmail.com>
Subject Re: Security of Move Operations
Date Wed, 05 Feb 2014 19:00:45 GMT
Hi,

On Wed, Feb 5, 2014 at 1:15 PM, Angela Schreiber <anchela@adobe.com> wrote:
> when discussing this in our weekly oak-meeting, tobi proposed
> to change the permission evaluation for the move such that
> modify-ac permission would be required on the source in order to
> be able to complete the move.
>
> this approach would however break backwards compatibility on how
> permissions are enforced upon move.

A possibly less intrusive alternative would be to require both read
and remove permissions on the whole subtree being moved. Even without
modify-ac, a user with full read/remove permissions could use other
content operations to achieve pretty much the same effect as a move.

BR,

Jukka Zitting

Mime
View raw message