On 3/1/03 7:25 PM, "Rickard Öberg" ([EMAIL PROTECTED]) penned the words:
> Mike Cannon-Brookes wrote:
>> Hrm - no, this is thinking the wrong way mate :)
>>
>> If webwork defined paths, security would work perfectly right?
>>
>> So why not have webwork only 'work' if the path is correct (and defined)?
>>
>> Ie /admin/foo.action would execute foo, but /bar/admin/foo.action would
>> execute nothing.
>
> Then the action would be "pinned" to that particular path, and skinning
> wouldn't work.

I have _never_ needed to use the fact that actions can move paths, and I would hasten to guess that 95% of WebWork users don't care either? Leave the option open to do both, and we'll satisfy the security problems (by pinning paths).

-mike

PS IMHO the principle of least surprise here is that actions are NOT available anywhere.