On Nov 17, 2014, at 10:34 AM, Andrew Petro <[email protected]> wrote:
> I suggest *not* defaulting category and group selections. > Fail closed rather than failing open. Accidentally *not* putting a portlet > into a category and *not* making groups of users able to use it has a worst > case of the newly published content not being available as one would like -- > and that issue can be mitigated by making the portlet publication UI more > helpful [1]. However, accidentally publishing a portlet such that anyone can > use it and anyone can readily find it in the customize drawer, well, if the > portlet relied upon the framework providing coarse-grained access control, > that's an opportunity to have a security incident. This nuancing of the original proposal sounds very reasonable. drew -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/uportal-dev
