On 12/06/2012 07:13, Carsten Ziegeler wrote: > Another solution is to not rely on the Sling post servlet but write > special post scripts for the resource types you want to support.
Thanks everyone for the suggestions. My rough idea was to use the JSON import for creating the initial strucuture. Let's call it "1st POST". Then using the resourceTypes+selectors+POST to update the already existing structures (2nd POSTs). About the user having the rights and messing with the data it's always possible. I'd just like to reduce the risk of people messing around just for fun. > Btw, I still think that we need something in this area - along with > better validation. I started a prototype long time ago, but never got > it to a point to share it. But I plan to have something for the next > adaptTo in September... I'll give a look at all the suggestions but I really think that Sling should provide some "security" mechanism against misusage of PostServlet. Cheers davide
