On Fri, May 4, 2012 at 4:16 AM, Bertrand Delacretaz <[email protected]>wrote:
> Hi Chetan, > > On Fri, May 4, 2012 at 5:18 AM, Chetan Mehrotra > <[email protected]> wrote: > > ...Let me know if any other change is required from my side for this > feature > > to be included in Sling... > > I haven't looked in detail yet, but IIUC your service allows arbitrary > code to be executed from a POST request (which is cool in the context > of testing that I saw in your example). > FWIW, I consider this a non-issue. The web console already allows for arbitrary code execution by installing a bundle :) Justin > > As that can be a security risk, maybe it would be good to have some > form of warning, that people must be aware of the implications if > enabling that service? Maybe just a WARN log message at activation > time, or something similar that reasonable users shouldn't ignore. > > -Bertrand >
