Sharing and downloading includes potentially confidential information in temp
files
-----------------------------------------------------------------------------------
Key: MASHUP-603
URL: http://wso2.org/jira/browse/MASHUP-603
Project: WSO2 Mashup Server
Issue Type: Improvement
Reporter: Jonathan Marsh
Assigned To: Keith Godwin Chapman
Fix For: 1.0
When I share or download a mashup like storexml, the runtime temp files are
downloaded as well, even though they are not necessary to run the mashup. Say
I used storexml to store passwords for a mashup, or if I used the file system
directly within that mashup. By downloading the mashup you not only get
potentially large amounts of irrelevant garbage, but possibly confidential
information or state information that could prevent the mashup from running in
a fresh environment.
I propose checking for a folder called "_private" within the .resources folder
and excluding it from the shared-mashup package. I would adjust the storexml
sample service, and perhaps others, to make use of this folder as appropriate.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://wso2.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
Mashup-dev mailing list
[email protected]
http://www.wso2.org/cgi-bin/mailman/listinfo/mashup-dev
