Sorry if I am a bit naive. But what store do you use for descriptors? I wonder where in the JDBC stores the order of the ACEs is saved/enforced. If you do a SELECT on permissions, is there any guarantee that you receive the ACEs in a particular order? If not, this would indeed be a big, big security hole, which I cannot believe has not been encountered before.
Regards,
Ingo

> Strange behaviour!
>
> After setting the ACL with WebdavResource.aclMethod the ACL-Info shows
> the correct settings and the server acts as expected:
>
> Subject                          Action    Inheritable  Deny
> /files/users/slideadmin          /actions  true         false
> /files/users/ockenfeld           /actions  true         false
> +/files/users/groups/12200963    /actions  true         false
> /files/users                     /actions  true         true
>
> But in some cases the order of the ACEs changes (I don't know why) and
> the server denies access to everybody!
>
> Subject                          Action    Inheritable  Deny
> /files/users                     /actions  true         true
> +/files/users/groups/12200963    /actions  true         false
> /files/users/ockenfeld           /actions  true         false
> /files/users/slideadmin          /actions  true         false
>
> Does anybody know what's going on here?!?
>
> I'm using slide from 21-04-2003 on JBoss 3.2.1 with a MySQL-DB
> and I have got a big security-problem...
>
> Please help!
>
> Regards
> Marc
>
> --
> Marc Sommer I::Dev
> +49 721 91374-364 Schlund + Partner AG
> PGP Key-ID: 0743ED19 http://www.schlund.de
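The ordering concern raised in this thread, as an added example that is not part of the original messages and not Slide's own code: it evaluates the two ACE orders quoted above and shows an explicit position column with `ORDER BY` restoring the intended order. First-match evaluation, prefix-based subject matching, and the `pos` column and table layout are assumptions made for illustration.

```python
import sqlite3

# ACEs from the thread as (subject, action, deny), in the order that worked.
GOOD_ORDER = [
    ("/files/users/slideadmin", "/actions", False),
    ("/files/users/ockenfeld", "/actions", False),
    ("+/files/users/groups/12200963", "/actions", False),
    ("/files/users", "/actions", True),
]

def matches(subject, principal, groups):
    # Assumption: "+" marks a group subject; a collection subject such as
    # /files/users matches every principal stored below it.
    if subject.startswith("+"):
        return subject[1:] in groups
    return principal == subject or principal.startswith(subject + "/")

def is_granted(aces, principal, groups=()):
    """Assumed semantics: the first matching ACE decides; no match denies."""
    for subject, _action, deny in aces:
        if matches(subject, principal, groups):
            return not deny
    return False

def load_ordered(rows_with_pos):
    """Store ACEs with an explicit position and read them back ordered.

    Without ORDER BY, SQL gives no guarantee about row order, so the
    position must be persisted and used by the query (hypothetical schema).
    """
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE permissions "
               "(pos INTEGER, subject TEXT, action TEXT, deny INTEGER)")
    db.executemany("INSERT INTO permissions VALUES (?, ?, ?, ?)", rows_with_pos)
    cur = db.execute(
        "SELECT subject, action, deny FROM permissions ORDER BY pos")
    return [(s, a, bool(d)) for s, a, d in cur]

if __name__ == "__main__":
    user = "/files/users/ockenfeld"
    swapped = list(reversed(GOOD_ORDER))      # the order seen after the change
    print("intended order:", is_granted(GOOD_ORDER, user))
    print("changed order: ", is_granted(swapped, user))
    # Rows inserted in the changed physical order, positions preserved.
    rows = [(i, *ace) for i, ace in enumerate(GOOD_ORDER)]
    restored = load_ordered(list(reversed(rows)))
    print("after ORDER BY:", is_granted(restored, user))
```
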
