Hi Ian,

Ian Boston wrote:
>
> On 23 Jun 2009, at 14:06, Felix Meschberger wrote:
>
>> Hi,
>>
>> Ian Boston wrote:
>>>
>>> On 23 Jun 2009, at 12:28, Bertrand Delacretaz wrote:
>>>>> Although Sling might choose to ignore this, I/we (sakai) are going
>>>>> to need to do something since all our users have write access to the
>>>>> repo, and at least 10% of them are Computer Science first year
>>>>> students just itching to prove their prowess by hacking/defacing an
>>>>> institutional system :)
>>>>
>>>> Brings back memories ;-)
>>>>
>>>> If we're using a distinct session for script resolution, we might want
>>>> to make its credentials configurable, and set up that user to see
>>>> scripts only under /libs and /apps. Would that suit your needs?
>>>
>>> yes,
>>> certainly would,
>>> We already have a "securityloader" along the same lines as the
>>> "contentloader" so configuration of that would be easy for us.
>>
>> The first step will be to use an admin session to access the scripts. So
>> you may lock down read-access on these areas, where you deem read-access
>> is not suitable.
>
>
> Forgive me, this might sound dumb (and it won't be the first time).

Or maybe it was me ... and not the first time, either.

> If the admin session is used to *load* scripts for execute, then surely
> it can load scripts from anywhere?

Yes.

> I agree users won't be able to write or read scripts in the special
> area... but my concern is not stopping them reading scripts that might
> run, or uploading scripts to somewhere where they can write, but to stop
> untrusted scripts from executing.

I see.

> In the absence of any other control, the admin session will allow execute
> of all scripts on the content system.
>
> Please tell me I have missed something, and I am being dumb :)

Correct, so I would then say: the actual user is to be configurable but
default to admin. Would that be ok for you?

Regards
Felix
