Carsten,
I think I understand your security concern - do you see another way to
solve this in that case?
Ruben
On 4/22/2021 10:31 PM, Carsten Ziegeler wrote:
Thanks Ruben,
in my opinion /apps belongs to developers. In our case its immutable
for good reasons. Drilling a hole into this and allowing non
developers contribute to /apps, especially in a dynamic fashion
circumventing the immutability sounds very risky and can result in
security problems.
I understand that extra configuration options are added to partially
address this, but then it comes down to how effective these are and
what holes they might have.
Now, in general I'm not against a feature like dynamic resources - but
making something immutable mutable especially for a different audience
is too dangerous.
Regards
Carsten
