Hi Chetan, On Fri, May 4, 2012 at 5:18 AM, Chetan Mehrotra <[email protected]> wrote: > ...Let me know if any other change is required from my side for this feature > to be included in Sling...
I haven't looked in detail yet, but IIUC your service allows arbitrary code to be executed from a POST request (which is cool in the context of testing that I saw in your example). As that can be a security risk, maybe it would be good to have some form of warning, that people must be aware of the implications if enabling that service? Maybe just a WARN log message at activation time, or something similar that reasonable users shouldn't ignore. -Bertrand
