Hi,

On 11.06.2012 at 09:03, Davide wrote:
> (please note the quotes around securing).
>
> I really love the SlingPostServlet and the fact that I can create JCR
> structure starting from a JSON stream. It really eases the process for
> creating (and updating?) content.
>
> Now if I'd go for the usage of it, I'd like to prevent some malicious
> teenager from using curl commands to POST fake/not-correct content to the
> repository.
>
> I know that I can restrict it with user/password but what if he has the
> right credentials?

Access control is the way to go. If an attacker has knowledge of credentials to write to the repository, you have a problem to solve ;-)

>
> Is there any way to restrict the operations allowed by the PostServlet?

None, other than access control on the content.

>
> Enforcing some content structures?

No.

>
> Prevent "flooding"?

No, such mechanisms might make sense, but we don't have them.

Regards
Felix

>
> Cheers
> Davide
>
