I can easily write a resource provider which uses an admin session to interact with the repository and mount this into the resource tree bypassing all ACLs checks.
Features can be abused - no matter what we do. We have valid use cases for this concrete feature, so why are we making it so hard this time? Regards Carsten -- Carsten Ziegeler [email protected]
