Posted to dev@sling.apache.org by "Oliver Lietz (JIRA)" <ji...@apache.org> on 2018/02/08 15:15:00 UTC
[jira] [Updated] (SLING-6130) Restrict access for principal everyone and move configuration to repoinit
[ https://issues.apache.org/jira/browse/SLING-6130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oliver Lietz updated SLING-6130:
--------------------------------
Fix Version/s: JCR Oak Server 1.1.4, Starter 11
> Restrict access for principal everyone and move configuration to repoinit
> -------------------------------------------------------------------------
>
> Key: SLING-6130
> URL: https://issues.apache.org/jira/browse/SLING-6130
> Project: Sling
> Issue Type: Improvement
> Components: JCR, Oak
> Affects Versions: JCR Oak Server 1.1.0
> Reporter: Oliver Lietz
> Assignee: Oliver Lietz
> Priority: Major
> Labels: security
> Fix For: JCR Oak Server 1.1.4, Starter 11
>
> Attachments: error.log
>
>
> Currently {{everyone}} can {{read}} from {{/}} (configured in {{OakSlingRepositoryManager}}).
> Access for {{everyone}} should be restricted:
> * {{read}} should be restricted to {{/content}}
> * configuration of principals and ACLs should be done with _repoinit_
> # -Change path from {{/}} to {{/content}} in {{OakSlingRepositoryManager}}- (/) (-[r1764259|https://svn.apache.org/r1764259]-)
> # Fix modules (samples) relying on _unrestricted_ {{read}} access
> # Move configuration of ACLs to _repoinit_ (/)
> discussion on [dev@|https://lists.apache.org/thread.html/36908ed62ac93c63cad594a897f8abceb93f08da5bcea30dbce98e58@%3Cdev.sling.apache.org%3E]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
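
Added example, not part of the original message and not Sling's own code: a small audit that scans repoinit text for ACL entries granting a read privilege to {{everyone}} outside {{/content}}, the restriction the issue asks for. The sample script, the function names and the set of privileges treated as "read" are assumptions made for illustration.

```python
import re

# Constructed sample repoinit text (not taken from the Sling code base).
SAMPLE = """\
set ACL for everyone
    allow jcr:read on /content
end
set ACL on /
    allow jcr:read for everyone
end
set ACL for everyone,anonymous
    deny jcr:all on /apps
    allow jcr:read,jcr:write on /content/public,/libs
end
"""

HEADER = re.compile(r"set ACL (for|on)\s+(.+)$")
ENTRY = re.compile(r"(allow|deny)\s+(.+?)\s+(on|for)\s+(.+)$")
READ_PRIVS = {"jcr:read", "jcr:all", "rep:readNodes", "rep:readProperties"}

def split_list(text):
    # Drop a trailing "(ACLOptions=...)" or "restriction(...)" clause, then split on commas.
    head = re.split(r"\s+(?:\(|restriction\()", text, maxsplit=1)[0]
    return [item.strip() for item in head.split(",") if item.strip()]

def under(path, root):
    return path == root or path.startswith(root.rstrip("/") + "/")

def audit(script, principal="everyone", allowed_root="/content"):
    """Return (line_no, path) for every read grant to principal outside allowed_root.
    Only allow entries are reported; deny entries and entry ordering are not evaluated."""
    findings, kind, subjects = [], None, []
    for no, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        head = HEADER.match(line)
        if head:
            kind, subjects = head.group(1), split_list(head.group(2))
        elif line == "end":
            kind = None
        elif kind:
            entry = ENTRY.match(line)
            if not entry or entry.group(1) != "allow":
                continue
            privs, objects = split_list(entry.group(2)), split_list(entry.group(4))
            principals, paths = (subjects, objects) if kind == "for" else (objects, subjects)
            if principal in principals and READ_PRIVS & set(privs):
                findings += [(no, p) for p in paths if not under(p, allowed_root)]
    return findings
```

Run over the constructed sample, the audit reports the path-centric grant on {{/}} and the {{/libs}} grant, and stays silent on {{/content}} and {{/content/public}}.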