On Monday, 1 March 2010 17:07:13, Andreas Hartmann wrote:
> > In my opinion, Lenya pages should be accessible by everyone in principle.
> > If they have to be protected then Lenya should take care of this. As far
> > as I can see, this works for everything that is related to a specific
> > publication. Alas, it doesn’t work for the creation of a new publication.
>
> The usecase invocation for document-agnostic usecases is usually
> orthogonal to the URI space. So you could deny access to everything
> outside publications and make the createPulicationFromTemplate usecase
> available inside a publication, e.g. via a menu item.

Okay, but if I don’t want to make publication creation available at all, I
could just block everything outside publications. But what is “outside
publications”? Which URLs do I have to block? And aren’t some
publication-independent URLs also used inside publications? For example, the
URLs for accessing the flag pictures that symbolize languages?

> > What URLs have to be blocked for the general public so that ordinary
> > internet users cannot modify data on the server (like the publications
> > store)? Is there any documentation on the web that documents which URLs
> > are “unsafe”?
>
> In the standard Lenya distribution there are no unsafe documents
> (AFAIK),

I meant unsafe URLs. In my terminology, a URL is unsafe if it allows write
access without authentication. So the URL for creating a new publication is
unsafe.

> since all modifications in the repository are executed by usecases. The
> usecase policies define the write protection specifics for your Lenya
> application.

Could you please elaborate or point me to the relevant documentation?

Best wishes,
Wolfgang
