[ http://wso2.org/jira/browse/MASHUP-603?page=comments#action_15188 ] Keith Godwin Chapman commented on MASHUP-603: ---------------------------------------------
Fixed in revision 12943. We create a _private dir in the resources folder upon deployment. We do not zip this folder up when sharing or downloading. > Sharing and downloading includes potentially confidential information in temp > files > ----------------------------------------------------------------------------------- > > Key: MASHUP-603 > URL: http://wso2.org/jira/browse/MASHUP-603 > Project: WSO2 Mashup Server > Issue Type: Improvement > Reporter: Jonathan Marsh > Assigned To: Keith Godwin Chapman > Fix For: 1.0 > > > When I share or download a mashup like storexml, the runtime temp files are > downloaded as well, even though they are not necessary to run the mashup. > Say I used storexml to store passwords for a mashup, or if I used the file > system directly within that mashup. By downloading the mashup you not only > get potentially large amounts of irrelevant garbage, but possibly > confidential information or state information that could prevent the mashup > from running in a fresh environment. > I propose checking for a folder called "_private" within the .resources > folder and excluding it from the shared-mashup package. I would adjust the > storexml sample service, and perhaps others, to make use of this folder as > appropriate. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://wso2.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira _______________________________________________ Mashup-dev mailing list [email protected] http://www.wso2.org/cgi-bin/mailman/listinfo/mashup-dev
