[ https://issues.apache.org/jira/browse/SLING-6130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oliver Lietz updated SLING-6130: -------------------------------- Description: Currently {{everyone}} can {{read}} from {{/}} (configured in {{OakSlingRepositoryManager}}). Access for {{everyone}} should be restricted: * {{read}} should be restricted to {{/content}} * configuration of principals and ACLs should be done with _repoinit_ # Change path from {{/}} to {{/content}} in {{OakSlingRepositoryManager}} (/) ([r1764259|https://svn.apache.org/r1764259]) # Fix modules (samples) relying on _unrestricted_ {{read}} access # Move configuration of ACLs to _repoinit_ discussion on [dev@|https://lists.apache.org/thread.html/36908ed62ac93c63cad594a897f8abceb93f08da5bcea30dbce98e58@%3Cdev.sling.apache.org%3E] was: Currently {{everyone}} can {{read}} from {{/}} (configured in {{OakSlingRepositoryManager}}). Access for {{everyone}} should be restricted: * {{read}} should be restricted to {{/content}} * configuration of principals and ACLs should be done with _repoinit_ # Change path from {{/}} to {{/content}} in {{OakSlingRepositoryManager}} # Fix modules (samples) relying on _unrestricted_ {{read}} access # Move configuration of ACLs to _repoinit_ discussion on [dev@|https://lists.apache.org/thread.html/36908ed62ac93c63cad594a897f8abceb93f08da5bcea30dbce98e58@%3Cdev.sling.apache.org%3E] > Restrict access for principal everyone and move configuration to repoinit > ------------------------------------------------------------------------- > > Key: SLING-6130 > URL: https://issues.apache.org/jira/browse/SLING-6130 > Project: Sling > Issue Type: Improvement > Components: JCR, Oak > Affects Versions: JCR Oak Server 1.1.0 > Reporter: Oliver Lietz > Assignee: Oliver Lietz > Labels: security > Fix For: JCR Oak Server 1.1.2 > > > Currently {{everyone}} can {{read}} from {{/}} (configured in > {{OakSlingRepositoryManager}}). > Access for {{everyone}} should be restricted: > * {{read}} should be restricted to {{/content}} > * configuration of principals and ACLs should be done with _repoinit_ > # Change path from {{/}} to {{/content}} in {{OakSlingRepositoryManager}} (/) > ([r1764259|https://svn.apache.org/r1764259]) > # Fix modules (samples) relying on _unrestricted_ {{read}} access > # Move configuration of ACLs to _repoinit_ > discussion on > [dev@|https://lists.apache.org/thread.html/36908ed62ac93c63cad594a897f8abceb93f08da5bcea30dbce98e58@%3Cdev.sling.apache.org%3E] -- This message was sent by Atlassian JIRA (v6.3.4#6332)