On 18 Nov 2009, at 12:03, Carsten Ziegeler wrote:
Ian Boston wrote:
On 18 Nov 2009, at 11:13, Bertrand Delacretaz wrote:
On Wed, Nov 18, 2009 at 6:02 PM, Carsten Ziegeler <[email protected]> wrote:
...I think we should rather go for an xml generation that is resource
based and works like the json stuff. This way we don't have any
limitations (like some parts of the resource tree are not renderable as
xml) and can easily apply the same algorithm as for the json output....
Sounds good to me, but we should keep the existing docview/sysview
formats as options - they are useful when moving stuff between
repositories (which might not use Sling).
-Bertrand
2 observations.
When I made the request as an anon user, there was significant load on
the server as it loaded all the nodes in the jcr. (potential DoS)
and
I am wondering why it loaded all the nodes in the JCR seeing as some of
them had restrictive ACLs on them and should not have been rendered.
The DoS issue is a bit worrying?
Yes and no :)
The xml export can be turned off, so the hole can be closed.
Unfortunately it is open by default.
Perhaps it should be admin by default; scary things happen with big
exports like this even if you never meant the data to be there (like
FERPA[1] violations of personal data).
[1] http://en.wikipedia.org/wiki/Family_Educational_Rights_and_Privacy_Act
Carsten
--
Carsten Ziegeler
[email protected]