On Wed, Apr 22, 2009 at 2:44 PM, Jukka Zitting wrote:
> Hi,
>
> On Wed, Apr 22, 2009 at 2:22 PM, Tobias Bocanegra wrote:
>> System.exit() bears IMO no real risk, since it can be prevented by
>> java security.
>
> I'd like to see the relevant java security settings. With all the OSGi
> stuff, JCR
Hi,
Jukka Zitting schrieb:
> Hi,
>
> On Wed, Apr 22, 2009 at 2:22 PM, Tobias Bocanegra wrote:
>> System.exit() bears IMO no real risk, since it can be prevented by
>> java security.
>
> I'd like to see the relevant java security settings. With all the OSGi
> stuff, JCR bundle loading, and scrip
Hi,
On Wed, Apr 22, 2009 at 2:22 PM, Tobias Bocanegra wrote:
> System.exit() bears IMO no real risk, since it can be prevented by
> java security.
I'd like to see the relevant java security settings. With all the OSGi
stuff, JCR bundle loading, and script compiling in place I think
coming up wit
On Wed, Apr 22, 2009 at 12:41 PM, Felix Meschberger wrote:
> Hi,
>
> Jukka Zitting schrieb:
>> Hi,
>>
>> I was thinking about the implications of giving a user write access to
>> a subtree of the repository. With that access the user could now
>> upload a new script and create a node that invokes
On Wed, Apr 22, 2009 at 1:42 PM, Felix Meschberger wrote:
> Hi,
>
> Carsten Ziegeler schrieb:
>> ...scripts are
>> only picked
>> up from configured paths (libs and apps by default). So as long as the
>> user is not allowed to write in these locations, everything should be fine.
>
> Well, there is
Hi,
Carsten Ziegeler schrieb:
> Bertrand Delacretaz wrote:
>> Hi Jukka,
>>
>> On Wed, Apr 22, 2009 at 12:25 PM, Jukka Zitting
>> wrote:
>>> ...I was thinking about the implications of giving a user write access to
>>> a subtree of the repository. With that access the user could now
>>> upload a
Bertrand Delacretaz wrote:
> Hi Jukka,
>
> On Wed, Apr 22, 2009 at 12:25 PM, Jukka Zitting
> wrote:
>> ...I was thinking about the implications of giving a user write access to
>> a subtree of the repository. With that access the user could now
>> upload a new script and create a node that invok
Hi Jukka,
On Wed, Apr 22, 2009 at 12:25 PM, Jukka Zitting wrote:
> ...I was thinking about the implications of giving a user write access to
> a subtree of the repository. With that access the user could now
> upload a new script and create a node that invokes that script when
> rendered
Req
Felix,
That sounds like it would address the issue of accepting scripts from
trusted sources but would not, make the scripts safe as per your
original post.
On System.exit itself
I cant remember if the runtime shutdown handler can veto System.exit,
although the damage will already be done
Hi,
Ian Boston schrieb:
> This is an interesting one for us, since all users will have write
> access to the repository.
> Is there an 'execute' permission in sling, or perhaps even an equivalent
> to the no execute mount option in posix. I see some extensions to the
> DefaultAccessControlManager
Hi,
Torgeir Veimo schrieb:
> The servlet container usually have default security policies defined, which
> can easily be changed. Eg for tomcat, look at conf/catalina.policy.
> Am not sure what facilities ogsi containers provide in this area though?
OSGi containers basically also depend on standa
Hi,
On Wed, Apr 22, 2009 at 12:40 PM, Torgeir Veimo wrote:
> The servlet container usually have default security policies defined, which
> can easily be changed. Eg for tomcat, look at conf/catalina.policy.
What would such a policy file look like, i.e. what codeBase should be
used and what permi
This is an interesting one for us, since all users will have write
access to the repository.
Is there an 'execute' permission in sling, or perhaps even an
equivalent to the no execute mount option in posix. I see some
extensions to the DefaultAccessControlManager looming.
Ian
On 22 Apr 2009
Hi,
Jukka Zitting schrieb:
> Hi,
>
> I was thinking about the implications of giving a user write access to
> a subtree of the repository. With that access the user could now
> upload a new script and create a node that invokes that script when
> rendered.
>
> What if the script contains somethi
The servlet container usually have default security policies defined, which
can easily be changed. Eg for tomcat, look at conf/catalina.policy.
Am not sure what facilities ogsi containers provide in this area though?
2009/4/22 Jukka Zitting
> Hi,
>
> I was thinking about the implications of givi
15 matches
Mail list logo