Thomas Mueller created JCR-3858:
-----------------------------------
Summary: NodeIterator.getSize(): compatibility with Jackrabbit 2.5
Key: JCR-3858
URL: https://issues.apache.org/jira/browse/JCR-3858
Project: Jackrabbit Content Repository
Issue Type: New Feature
Affects Versions: 2.7, 2.6.2
Reporter: Thomas Mueller
Assignee: Thomas Mueller

In Jackrabbit 2.5 and older, the query result set (NodeIterator.getSize()) was
an estimation that sometimes included nodes that are not visible to the
current user.

This is a possible security problem. The behavior was changed (and the security
problem fixed) in JCR-3402. However, this is an incompatibility with Jackrabbit
2.5.

I suggest making this configurable in workspace.xml / repository.xml (or a
system property, if that turns out to be too complicated). The default is the
current (secure) behavior, with the option to use the old variant.
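
The size discrepancy described in this issue, as an added example that is not Jackrabbit code and not part of the original message: a toy result set whose reported size is computed either before or after access-control filtering, with a switch that defaults to the filtered (secure) count. The class, field and system property names are hypothetical, and the node data is constructed.

```java
import java.util.List;
import java.util.Set;

// Toy model, not Jackrabbit code. All names here are hypothetical.
public class ResultSizeModel {
    record Node(String path, Set<String> readers) {}

    /** Stand-in for a query result; sizeBeforeAcl models the old 2.5-style estimate. */
    static final class Result {
        private final List<Node> matches;   // everything the index matched
        private final String user;
        private final boolean sizeBeforeAcl;

        Result(List<Node> matches, String user, boolean sizeBeforeAcl) {
            this.matches = matches;
            this.user = user;
            this.sizeBeforeAcl = sizeBeforeAcl;
        }

        /** Nodes the caller can actually iterate: always ACL-filtered. */
        List<Node> visible() {
            return matches.stream().filter(n -> n.readers().contains(user)).toList();
        }

        /** Size as reported to the caller. */
        long getSize() {
            return sizeBeforeAcl ? matches.size() : visible().size();
        }
    }

    /** Regression check: the reported size must not exceed what the user can read. */
    static boolean leaksHiddenCount(Result r) {
        return r.getSize() > r.visible().size();
    }

    public static void main(String[] args) {
        // Constructed sample data: one node is readable by alice only.
        List<Node> matches = List.of(
            new Node("/content/public/a", Set.of("alice", "bob")),
            new Node("/content/hr/salaries", Set.of("alice")),
            new Node("/content/public/b", Set.of("alice", "bob")));
        // Hypothetical switch; when unset the secure behavior applies.
        boolean configured = Boolean.getBoolean("example.query.sizeBeforeAcl");
        for (boolean mode : new boolean[] {configured, true}) {
            Result r = new Result(matches, "bob", mode);
            System.out.printf("sizeBeforeAcl=%b size=%d iterable=%d leak=%b%n",
                mode, r.getSize(), r.visible().size(), leaksHiddenCount(r));
        }
    }
}
```

The same comparison, reported size against the number of nodes actually iterated by a restricted session, works as a regression check against a real repository when the legacy option is enabled.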