[
https://issues.apache.org/jira/browse/OAK-4959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15831553#comment-15831553
]
angela commented on OAK-4959:
-----------------------------
sorry didn't have time yet to look at it in detail... but the longer I think
about it the more I feel that using a {{PrincipalConfiguration}} for that is a
bad idea and quite an ugly hack. why is it not possible to add the validator in
the setup as we do with others such as e.g. {{PrivateStoreValidatorProvider}},
{{ItemSaveValidatorProvider}} or {{NameValidatoryProvider}}?
> Review the security aspect of bundling configuration
> ----------------------------------------------------
>
> Key: OAK-4959
> URL: https://issues.apache.org/jira/browse/OAK-4959
> Project: Jackrabbit Oak
> Issue Type: Task
> Components: documentmk
> Reporter: Chetan Mehrotra
> Assignee: Chetan Mehrotra
> Labels: bundling
> Fix For: 1.6, 1.6.0
>
> Attachments: OAK-4959-v1.patch
>
>
> The config for node bundling feature in DocumentNodeStore is currently stored
> under {{jcr:system/rep:documentStore/bundlor}}. This task is meant to
> * Review the access control aspect - This config should be only updatetable
> by system admin
> * Config under here should be writeable via JCR api
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
