On Thu, Mar 7, 2013 at 12:09 PM, Angela Schreiber <[email protected]> wrote:
> ...b) the script execution: that's obviously related to the former with
> one additional twist. everyone that can create a script may not only
> become admin in sling but also gets file system access....

That's "anyone who can write a script inside /libs or /apps", right? In which case it's relatively easy to prevent with strict ACLs on those paths, and if not we should create specific issues to plug any holes.

-Bertrand
