Hi all, Disable giving System governance and System Config registries via CarbonContext to App Developers. Why do we need to give Registry to app developers?
- To be used as a repository. So simply give an empty repository. It could be backed by a DB, or persistent cache. Why is it more important now? This is opening up a security hole and specially after unified governance story. The problem is right now (in the Cloud) AF has secured tampering System governance registry by putting handlers/permissions. But in future data are not stored in specific paths and we won't be able to protect pre-defined paths. thanks, dimuthu -- Dimuthu Leelarathne Architect & Product Lead of App Factory WSO2, Inc. (http://wso2.com) email: [email protected] Mobile : 0773661935 Lean . Enterprise . Middleware
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
