Well I don't think it is that simple to protect with just ACLs. Unless things have changed, the jackrabbit ACLs are set at the node level, not the property level. If you grant the jcr:modifyProperties privilege to some user on an unstructured node, then that user now has the ability to create additional arbitrary properties on that node. For example, the app may want to allow a user to edit their own comments to a blog post. Then that user could store their mp3 collection on your unstructured node as binary properties by just using the REST apis provided by sling.
If you use well defined node types, there is more protection against the above exploit since the set of properties is well known and can have appropriate constraints set on what is allowed to be stored in each property. That's my 2 cents. -Eric On Wed, Oct 17, 2012 at 10:00 AM, Alexander Klimetschek <[email protected]>wrote: > On 13.10.2012, at 00:37, Eric Norman <[email protected]> wrote: > > > I'd agree that using unstructured types can be useful for prototyping > when > > the final structure is changing frequently. But I would be cautious > about > > that approach for a production system. Unstructured node types can be a > > security hole since anyone with rights to modify properties on an > > unstructured node can add arbitrary garbage to your repository. Well > > defined node types provide a nice guard against that since unexpected > child > > nodes and properties can not be added. > > You should use ACLs for that. Access rights and schema are two different > things. > > Cheers, > Alex
