[
https://issues.apache.org/jira/browse/JCRVLT-449?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17147487#comment-17147487
]
Tobias Bocanegra commented on JCRVLT-449:
-----------------------------------------
the rcp tasks are only used during migration and require admin access.
currently the RCP servlet is not secured, which allows everyone to install
tasks. being able to install the tasks via packages makes it probably even more
insecure.
I would
- require an admin session when adding a task
- store the tasks in the bundle data
- ensure that the entire task state is stored (e.g. copy traversal state)
> VLT-RCP: Optionally persist tasks
> ---------------------------------
>
> Key: JCRVLT-449
> URL: https://issues.apache.org/jira/browse/JCRVLT-449
> Project: Jackrabbit FileVault
> Issue Type: Improvement
> Reporter: Konrad Windszus
> Assignee: Konrad Windszus
> Priority: Major
> Fix For: 3.4.6
>
>
> All tasks in the RcpTaskManagerImpl are only held in memory, which means they
> will be gone after a service/bundle/system restart. It should be possible to
> persist the tasks either in the repository or the bundle data file
> (https://docs.osgi.org/javadoc/r4v43/core/org/osgi/framework/BundleContext.html#getDataFile(java.lang.String))
> to make them survive restarts.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
