On Sat, Jan 16, 2010 at 4:46 AM, Andreas Andreou <[email protected]> wrote: > Voting for the 5.1.0.7 has failed - here are the individual votes: > > Andreas Andreou: +1 (binding) > Howard M. Lewis Ship: +0 (binding) > Thiago H. de Paula Figueiredo: +0 (binding) > > Igor Drobiazko: +1 > Dan Adams: +1 > Massimo Lusetti: +1 > Daniel Jue +1 > Robert Zeigler: -0 > Dmitry Gusev: -1 > Ulrich Stärk: +0 > > I guess we need to reopen or create a new issue that describes what > was mentioned in this discussion & all interested parties should comment > and/or help on that.
Agreed. For me the core of the issue is that the client should not be able to list a directory remotely, and certain files may only be accessed if allowed. I'd like to restore T4's approach, that protected files can still be exposed to the user, as long as they are accompanied by a hash code that proves that the application extended access to them. Sensible defaults: hibernate.cfg.xml, for example, should be protected. Also, a way to turn off Tapestry's behavior with context assets, in case the context has its own security configuration (otherwise, Tapestry becomes a way around that security). > > -- > Andreas Andreou - [email protected] - http://blog.andyhot.gr > Tapestry / Tacos developer > Open Source / JEE Consulting > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- Howard M. Lewis Ship Creator of Apache Tapestry The source for Tapestry training, mentoring and support. Contact me to learn how I can get you up and productive in Tapestry fast! (971) 678-5210 http://howardlewisship.com --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
