Hi,

Bertrand Delacretaz wrote:
> Hi,
> 
> On Wed, Apr 22, 2009 at 6:22 PM, Rory Douglas <[email protected]> wrote:
>> Bertrand Delacretaz wrote:
>>> 2) Prevent legitimate scripts from messing up with the system
>> A variant of 2) just showed up in the "Accessing JCR" thread.  Looks like
>> anyone that can upload a script can do the following:
>>
>> <sling:defineObjects/>
>> <%
>>   SlingRepository repo = sling.getService(SlingRepository.class);
>>   Session superSession = repo.loginAdministrative(null);
>>   // and then do anything, like
>>   superSession.getRootNode().remove();
>> %>
> 
> loginAdministrative is fine for trusted code, but you're right that we
> might want to restrict it.
> 
> Not sure how to best approach this...what do people think?

In terms of OSGi and Java Security, the best approach would probably be
to guard this method by the SecurityManager and introduce a Permission
for this.

Regards
Felix
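An added sketch (not Sling's own code) of the approach described in this reply: a custom Permission that the SecurityManager checks before an administrative session is handed out. The permission class and its target name, the wrapped Repository delegate, and the policy grant are assumptions for illustration.

```java
import java.security.BasicPermission;
import java.security.Permission;
import javax.jcr.Credentials;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;

// Guards an administrative login behind a Java SecurityManager permission so
// that only code bases granted that permission in the policy file can obtain
// an admin session. Class, permission and target names are assumptions.
public class GuardedRepository {

    // Hypothetical permission type, modelled on other BasicPermission
    // subclasses in the JDK (e.g. RuntimePermission).
    public static final class AdministrativeLoginPermission extends BasicPermission {
        public AdministrativeLoginPermission(String target) {
            super(target);
        }
    }

    private static final Permission ADMIN_LOGIN =
            new AdministrativeLoginPermission("login");

    private final Repository delegate;       // the real JCR repository
    private final Credentials adminCredentials; // held only by trusted code

    public GuardedRepository(Repository delegate, Credentials adminCredentials) {
        this.delegate = delegate;
        this.adminCredentials = adminCredentials;
    }

    // Mirrors SlingRepository.loginAdministrative(String). With a
    // SecurityManager installed, checkPermission inspects every frame on the
    // call stack; a frame from an uploaded script whose code base lacks the
    // permission causes java.security.AccessControlException before any
    // session is created. Without a SecurityManager the check is a no-op,
    // so the guard only helps when the container runs with one enabled.
    public Session loginAdministrative(String workspace) throws RepositoryException {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(ADMIN_LOGIN);
        }
        return delegate.login(adminCredentials, workspace);
    }
}

// Matching grant in the Java policy file (constructed example); it names the
// trusted bundle's code base and is never extended to script locations:
//   grant codeBase "file:/path/to/trusted-bundle.jar" {
//       permission GuardedRepository$AdministrativeLoginPermission "login";
//   };
```

Because the check walks the whole stack, the repository bundle that calls this method must itself hold the permission, which the grant above provides.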
