Sorry if I am a bit naive. But what store do you use for descriptors?
I wonder where in the JDBC stores the order of the ACEs is saved/enforced. If you do a SELECT on permissions, is there any guaranty that you receive the ACEs in a particular order? If not, this would indeed be a big, big security hole, which I cannot believe to not have been encountered before.
Ingo,
This isn't saved on enforced by the jdbc stores. It wasn't originally neccesary, but see:
http://marc.theaimsgroup.com/?l=slide-dev&m=103576889315005&w=2
I pointed out that this was seriously broken about 10 months ago, when the change was introduced.
Basically, this means that currently you can't (safely) use a mixture of grant and deny privileges on a single node, if you're using any of the JDBC-based stores.
Mike
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
