[
https://issues.apache.org/jira/browse/SLING-12300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17839137#comment-17839137
]
Radu Cotescu commented on SLING-12300:
--------------------------------------
{quote}That seems to be a security hole where someone could just do a brute
force attack to try all the possible values and find paths that exist.
{quote}
They'd only have to try 2{^}122{^} combinations. In all seriousness now, the
same ACLs apply. I don't see how the addressing mode introduces a security hole.
> Provide a way to retrieve a JCR backed resource by its node identifier
> ----------------------------------------------------------------------
>
> Key: SLING-12300
> URL: https://issues.apache.org/jira/browse/SLING-12300
> Project: Sling
> Issue Type: New Feature
> Components: JCR
> Reporter: Radu Cotescu
> Assignee: Radu Cotescu
> Priority: Major
> Fix For: JCR Resource 3.3.0
>
>
> Since all {{javax.jcr.Nodes}} have an identifier [0], a useful feature would
> be {{Resource}} retrieval by node id, which could be its {{jcr:uuid}}
> property for referenceable nodes or the path. In systems that would like to
> use UUID addressing, this would reduce the need for executing JCR queries for
> resource retrieval and would avoid double-reads via the JCR and then Sling
> API to obtain the resource.
> In order to provide a unified behaviour, paths starting with the {{/jcr:id/}}
> prefix should use the resource retrieval by node identifier.
> [0] -
> https://javadoc.io/static/javax.jcr/jcr/2.0/javax/jcr/Node.html#getIdentifier()
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
