The current implementation does not save anything. The persistence means needs to be discussed further for operations which have not been implemented. If you notice some of the xml files, these xml files are actually used as default value sets for dmtf cimi entities. Thanks.
Tong Li Emerging Technologies & Standards B062/K317 [email protected] From: Justin Clift <[email protected]> To: [email protected] Date: 10/19/2011 05:56 PM Subject: Re: [PATCH] dmtf reference implementation initial checkin On 29/09/2011, at 9:34 AM, David Lutterkort wrote: Hi Tong, > > On Wed, 2011-09-28 at 11:33 -0700, [email protected] wrote: >> From: Tong Li <[email protected]> > > first off, congrats, the patch applies now without any warnings. We are > making progress ;) > > I have quite a few comments: Just noticed something really old, but might still be important as it sounds indicative of a security problem. <snip> > * ... The > mock driver stores its files in /var/tmp (how well does that > actually work under Windows ?) Just to ask the question, does this mean we have an information leak here, where "other users on a server" can potentially get details? Also thinking "race condition", if more than one user is doing stuff with mock at the same time. (?) If such a race can occur, and affect more than just mock, sounds like an easy DoS any time there's a self service user interface. (ie Aeolus) Regards and best wishes, Justin Clift -- Aeolus Community Manager http://www.aeolusproject.org
