Hello,
when logged in as anonymous I can see all users, groups and acls with
the following URLs:
http://localhost:8080/index.html.eacl.json
http://localhost:8080/system/userManager/user.tidy.infinity.json
http://localhost:8080/system/userManager/group.tidy.1.json
http://localhost:8080/system/userManager/user/admin.tidy.1.json
I tried to avoid that by denying jcr:readAccessControl to the root node
with with following statement.
curl -FprincipalId=everyone -Fprivilege@jcr:readAccessControl=denied
http://admin:admin@localhost:8080/.modifyAce.html
The response was a http 200 status but I can still see the information
as anonymous. Is there a way to avoid that?
Best,
Sandro
