Sure ... or we can keep the service disabled by default and the plugin page displays a message that it should be enabled before being used. And then a user can enable it from WebConsole
Chetan Mehrotra On Fri, May 4, 2012 at 1:46 PM, Bertrand Delacretaz <bdelacre...@apache.org>wrote: > Hi Chetan, > > On Fri, May 4, 2012 at 5:18 AM, Chetan Mehrotra > <chetan.mehro...@gmail.com> wrote: > > ...Let me know if any other change is required from my side for this > feature > > to be included in Sling... > > I haven't looked in detail yet, but IIUC your service allows arbitrary > code to be executed from a POST request (which is cool in the context > of testing that I saw in your example). > > As that can be a security risk, maybe it would be good to have some > form of warning, that people must be aware of the implications if > enabling that service? Maybe just a WARN log message at activation > time, or something similar that reasonable users shouldn't ignore. > > -Bertrand >