Did you actually get an answer? The short one is that no, it's not possible: Nuxeo Shell uses JBoss Remoting, which is designed as an equivalent to RMI and provides roughly full JVM access. So even if the shell superficially required credentials, underlying this the protocol would still be open to someone that compiled his own shell.
Florent On Mon, Mar 22, 2010 at 5:35 PM, Nel Taurisson <[email protected]> wrote: > Sorry, hit the button to fast. > > Thanks a lot for your answers. > Regards > > Nel > > > > > 2010/3/22 Nel Taurisson <[email protected]>: >> Hi, >> >> It seems to me that it is possible to connect to a remote nuxeo repo >> without any credential and have full read / write access to the repo. >> >> Maybe I'm missing a configuration property or something, but I'm >> affraid I can execute the following code either on nuxeo 5.2 or 5.3 : >> >> Collection<File> files = null; >> String bundles = System.getProperty("nuxeo.bundles"); >> if (bundles != null) { >> files = NuxeoApp.getBundleFiles(new File("."), bundles, ":"); >> } >> >> NuxeoApp app = new NuxeoApp(); >> app.start(); >> >> if (files != null) { >> app.deployBundles(files); >> } >> >> NuxeoClient client = NuxeoClient.getInstance(); >> >> client.tryConnect("localhost", 62474); >> >> RepositoryInstance repo = client.openRepository() ; >> CoreSession documentManager = repo.getSession() ; >> >> DocumentModel doc = documentManager.getDocument( new PathRef( >> "/default-domain" ) ) ; >> doc.setPropertyValue( "dc:description" , "I could have killed your >> repo" ) ; >> doc = documentManager.saveDocument( doc ) ; >> documentManager.save() ; >> >> System.out.println( documentManager.getDocument( new PathRef( >> "/default-domain" ) ).getPropertyValue( "dc:description" ) ) ; >> >> repo.close() ; >> > -- Florent Guillaume, Director of R&D, Nuxeo Open Source, Java EE based, Enterprise Content Management (ECM) http://www.nuxeo.com http://www.nuxeo.org +33 1 40 33 79 87 _______________________________________________ ECM mailing list [email protected] http://lists.nuxeo.com/mailman/listinfo/ecm To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm
