Restricting SlingRepository.loginAdministrative()? (was: Security in Sling)

2009-04-23 Thread Bertrand Delacretaz
Hi,

On Wed, Apr 22, 2009 at 6:22 PM, Rory Douglas wrote: > Bertrand Delacretaz wrote: >> 2) Prevent legitimate scripts from messing up with the system > A variant of 2) just showed up in the "Accessing JCR" thread.  Looks like > anyone that can upload a script can do the following: > > > <% >  

Re: Restricting SlingRepository.loginAdministrative()? (was: Security in Sling)

2009-04-23 Thread Felix Meschberger
Hi,

Bertrand Delacretaz schrieb: > Hi, > > On Wed, Apr 22, 2009 at 6:22 PM, Rory Douglas wrote: >> Bertrand Delacretaz wrote: >>> 2) Prevent legitimate scripts from messing up with the system >> A variant of 2) just showed up in the "Accessing JCR" thread. Looks like >> anyone that can upload

Re: Restricting SlingRepository.loginAdministrative()? (was: Security in Sling)

2009-04-23 Thread Julian Sedding
Hello,

For sure not the easiest solution, but what about storing the application in a separate workspace from the content? If scripts were only executable in the application workspace, malicious attackers could maybe create a script in the content workspace, but it would not be possible to execute