[ http://wso2.org/jira/browse/MASHUP-603?page=all ]
Keith Godwin Chapman resolved MASHUP-603.
-----------------------------------------
Resolution: Fixed
> Sharing and downloading includes potentially confidential information in temp
> files
> -----------------------------------------------------------------------------------
>
> Key: MASHUP-603
> URL: http://wso2.org/jira/browse/MASHUP-603
> Project: WSO2 Mashup Server
> Issue Type: Improvement
> Reporter: Jonathan Marsh
> Assigned To: Keith Godwin Chapman
> Fix For: 1.0
>
>
> When I share or download a mashup like storexml, the runtime temp files are
> downloaded as well, even though they are not necessary to run the mashup.
> Say I used storexml to store passwords for a mashup, or if I used the file
> system directly within that mashup. By downloading the mashup you not only
> get potentially large amounts of irrelevant garbage, but possibly
> confidential information or state information that could prevent the mashup
> from running in a fresh environment.
> I propose checking for a folder called "_private" within the .resources
> folder and excluding it from the shared-mashup package. I would adjust the
> storexml sample service, and perhaps others, to make use of this folder as
> appropriate.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://wso2.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
Mashup-dev mailing list
[email protected]
http://www.wso2.org/cgi-bin/mailman/listinfo/mashup-dev
