Posted to dev@sling.apache.org by "Michael Marth (JIRA)" <ji...@apache.org> on 2009/06/02 12:51:07 UTC
[jira] Created: (SLING-989) scripts in /apps are read by user session, this leads to security problem
scripts in /apps are read by user session, this leads to security problem
-------------------------------------------------------------------------
Key: SLING-989
URL: https://issues.apache.org/jira/browse/SLING-989
Project: Sling
Issue Type: Bug
Reporter: Michael Marth
At the moment, the user session is used to read the scripts stored in /apps. Most web apps have some anonymous users as well; therefore, the ACLs of /apps must allow read access to the /apps directory. Hence, all scripts within /apps are readable by anyone.
I suggest allowing the Sling administrator to configure which session to use when the scripts are read. He could choose the admin session or stick with the default (the user's session).
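The trade-off described in the report, modelled as an added example that is not part of the original message or of Sling's code: it compares loading the script with the requesting user's session against loading it with a separately configured session. The `Repo` class, the `render` function, the ACL tuples and the sample nodes are hypothetical stand-ins, not JCR or Sling APIs.

```python
# Constructed model of the issue; none of these names are Sling or JCR APIs.
class Repo:
    def __init__(self, nodes, acl):
        self.nodes = nodes  # path -> node content
        self.acl = acl      # (subtree, principal, allow); most specific subtree wins

    def can_read(self, principal, path):
        if principal == "admin":
            return True
        match = None
        for subtree, who, allow in self.acl:
            root = subtree.rstrip("/") + "/"
            if who == principal and (path + "/").startswith(root):
                if match is None or len(root) > len(match[0]):
                    match = (root, allow)
        return match is not None and match[1]

    def read(self, principal, path):
        # Returns None when the principal has no read access to the node.
        return self.nodes[path] if self.can_read(principal, path) else None

def render(repo, user, path, script_reader=None):
    """Render a node; the script is read by script_reader, else by the user's own session."""
    content = repo.read(user, path)
    if content is None:
        return None
    script = repo.read(script_reader or user, f"/apps/{content['type']}/html.esp")
    if script is None:
        return None  # script not visible to the reading session: request fails
    return f"{content['title']} rendered by {len(script)}-byte script"

NODES = {  # constructed sample repository
    "/content/home": {"type": "blog", "title": "Home"},
    "/apps/blog/html.esp": "<%= lookup(internalLogic) %>",
}
OPEN_ACL = [("/", "anonymous", True)]
LOCKED_ACL = [("/content", "anonymous", True), ("/apps", "anonymous", False)]

def outcome(acl, script_reader=None):
    """Return (page rendered for anonymous?, script source readable by anonymous?)."""
    repo = Repo(NODES, acl)
    page = render(repo, "anonymous", "/content/home", script_reader)
    source = repo.read("anonymous", "/apps/blog/html.esp")
    return page is not None, source is not None

if __name__ == "__main__":
    for label, args in [("user session, open /apps", (OPEN_ACL,)),
                        ("user session, locked /apps", (LOCKED_ACL,)),
                        ("admin session for scripts", (LOCKED_ACL, "admin"))]:
        print(f"{label}: {outcome(*args)}")
```

Only the third configuration both renders the page for the anonymous user and keeps the script source unreadable to that user.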