[ https://issues.apache.org/jira/browse/SLING-12300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17839137#comment-17839137 ]
Radu Cotescu commented on SLING-12300: -------------------------------------- {quote}That seems to be a security hole where someone could just do a brute force attack to try all the possible values and find paths that exist. {quote} They'd only have to try 2{^}122{^} combinations. In all seriousness now, the same ACLs apply. I don't see how the addressing mode introduces a security hole. > Provide a way to retrieve a JCR backed resource by its node identifier > ---------------------------------------------------------------------- > > Key: SLING-12300 > URL: https://issues.apache.org/jira/browse/SLING-12300 > Project: Sling > Issue Type: New Feature > Components: JCR > Reporter: Radu Cotescu > Assignee: Radu Cotescu > Priority: Major > Fix For: JCR Resource 3.3.0 > > > Since all {{javax.jcr.Nodes}} have an identifier [0], a useful feature would > be {{Resource}} retrieval by node id, which could be its {{jcr:uuid}} > property for referenceable nodes or the path. In systems that would like to > use UUID addressing, this would reduce the need for executing JCR queries for > resource retrieval and would avoid double-reads via the JCR and then Sling > API to obtain the resource. > In order to provide a unified behaviour, paths starting with the {{/jcr:id/}} > prefix should use the resource retrieval by node identifier. > [0] - > https://javadoc.io/static/javax.jcr/jcr/2.0/javax/jcr/Node.html#getIdentifier() -- This message was sent by Atlassian Jira (v8.20.10#820010)