> -----Original Message----- > From: Stefano Mazzocchi [mailto:[EMAIL PROTECTED] > Sent: Monday, October 27, 2003 6:06 AM > To: James Developers List > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; lenya- > [EMAIL PROTECTED] > > > On Sunday, Oct 26, 2003, at 23:33 Europe/Rome, Noel J. Bergman wrote: > > >> He's not questioning whether it's encrypted. His point is, doco sends > >> an email to an address, and you respond. It gives very little > >> control, > >> even if there is a compromise. > > > > AIUI, the proposed solution would allow "anyone" to edit content, and > > contribute it as a "patch". Content could include defacements, > > changes to > > .htaccess, and CGI scripts. > > nah, dude, look: doco has a very precise editing access point. You can > *ONLY* modify xml content. So, changes to .htaccess, CGI scripts, > servlet upload, sql injection, cross-site-scripting, and you next > favorite attack will NOT work because the system prevents it by design > [not saying it cannot happen, but if it does it's a bug, not a faulty > design]
FWIW, I agree. Perhaps the submit goes to a well-formedness check (or even better?, schema/dtd validation). If it fails, it doesn't even enter the approval process. Perhaps a notification email is sent describing that an invalid submittal was sent. The user is returned an error page saying the post was rejected, in case it was just a mistake. On another note, can images/PDFs/other-binaries be uploaded? -Rob
