From: "Bertrand Delacretaz" <[EMAIL PROTECTED]>
Date: Thu, 20 Jul 2006 10:13:06 +0200
On 7/19/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
...<map:match pattern="buildIndex">
<map:generate src="http://localhost:8080//index.xml"/>...
...which means every (outside) user could be able to start the index when
calling buildIndex. I would like to avoid that. Question is: how? ..
The clean and safest way is to use Cocoon's authentication framework
to require authentication before accessing buildindex.
But you could also:
a) check the client's IP address and allow only requests from
localhost to buildindex (if you're using a reverse proxy in front of
Cocoon you'll get this via the X-Forwarded-For header, which you can
check with a WildcardHeaderMatcher, but see
http://bob.pythonmac.org/archives/2005/09/23/apache-x-forwarded-for-caveat)
b) use security by obscurity and use a hard to guess URL instead of
buildindex. It's not really safe but the risks are not very high
either if it's just for index creation
-Bertrand
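
An added example, not part of the original message or of Cocoon: the localhost check from option a) written as plain JavaScript, showing why only the X-Forwarded-For entry appended by your own reverse proxy can be trusted. The function names, the proxy address 127.0.0.1 and the sample requests are assumptions constructed for illustration.

```javascript
// Hypothetical helper names; nothing here is a Cocoon API.
// Assumption: the reverse proxy runs on the same host and appends the
// address it received the request from to X-Forwarded-For.
const TRUSTED_PROXIES = new Set(["127.0.0.1", "::1"]);
const ALLOWED_CLIENTS = new Set(["127.0.0.1", "::1"]);

// Naive check: matches the header the way a "127.0.0.1*" wildcard would.
// It accepts whatever the client put at the front of the header.
function naiveMayBuildIndex(xff) {
  return typeof xff === "string" && xff.trim().startsWith("127.0.0.1");
}

// Address of the real client, as far as we can vouch for it.
function effectiveClient(peerAddr, xff) {
  // Request did not arrive via our proxy: the header is untrusted input.
  if (!TRUSTED_PROXIES.has(peerAddr)) return peerAddr;
  const hops = (xff || "").split(",").map((h) => h.trim()).filter(Boolean);
  // No usable header: a local process connected directly.
  if (hops.length === 0) return peerAddr;
  // Only the last entry was written by our proxy; earlier ones came
  // in with the request and may be arbitrary.
  return hops[hops.length - 1];
}

function mayBuildIndex(peerAddr, xff) {
  return ALLOWED_CLIENTS.has(effectiveClient(peerAddr, xff));
}

// Constructed sample requests: [TCP peer, X-Forwarded-For header]
const SAMPLES = [
  ["127.0.0.1", undefined],                // local job, direct connection
  ["127.0.0.1", "127.0.0.1"],              // local client via the proxy
  ["127.0.0.1", "203.0.113.7"],            // outside client via the proxy
  ["127.0.0.1", "127.0.0.1, 203.0.113.7"], // outside client sent its own header
  ["198.51.100.9", "127.0.0.1"],           // connection that bypassed the proxy
];

for (const [peer, xff] of SAMPLES) {
  console.log(peer, JSON.stringify(xff), "naive:", naiveMayBuildIndex(xff),
              "strict:", mayBuildIndex(peer, xff));
}
```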
Another possibility - you could always use the J2EE container-provided
security and add a security-constraint to your web.xml for
<url-pattern>/buildindex</url-pattern>. That might be simpler than learning
the authentication framework or Acegi if you don't need to authenticate users in
the rest of your site.
Andrew.