Hi,

On Jun 11, 2012, at 1:04 PM, Felix Meschberger <fmesc...@adobe.com> wrote:

> Hi,
>
> On 11.06.2012 at 09:03, Davide wrote:
>
>> (please note the quotes around securing).
>>
>> I really love the SlingPostServlet and the fact that I can create JCR
>> structure starting from a JSON stream. It really eases the process for
>> creating (and updating?) content.
>>
>> Now if I'd go for the usage of it, I'd like to prevent some malicious
>> teenager to use curl commands to POST fake/not-correct content to the
>> repository.
>>
>> I know that I can restrict it with user/password but what if he has the
>> right credentials?
>
> Access control is the way to go.
>
> If an attacker has knowledge of credentials to write to the repository, you
> have a problem to solve ;-)
>
>>
>> Is there any way to restrict the operations allowed by the PostServlet?
>
> None, other than access control on the content
>
>>
>> Enforcing some content structures?
>
> No.

You could potentially do this with a PostProcessor.

Justin

>
>>
>> Prevent "flooding"?
>
> No, such mechanisms might make sense, but we don't have them
>
> Regards
> Felix
>
>>
>> Cheers
>> Davide
>>
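
A sketch of the PostProcessor approach suggested in the reply above, added here as an example and not code from the thread or from the Sling project. The package, class name, `/content/comments/` tree and its two-property content model are hypothetical; it relies on post-processors running before the POST servlet saves the session, so throwing fails the request instead of persisting the content.

```java
package com.example.sling; // hypothetical package name

import java.util.List;
import java.util.Set;
import javax.jcr.Item;
import javax.jcr.Property;
import javax.jcr.Session;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.servlets.post.Modification;
import org.apache.sling.servlets.post.ModificationType;
import org.apache.sling.servlets.post.SlingPostProcessor;
import org.osgi.service.component.annotations.Component;

@Component(service = SlingPostProcessor.class)
public class CommentStructureProcessor implements SlingPostProcessor {
    // Assumed content model: flat nodes directly under ROOT, two string properties.
    private static final String ROOT = "/content/comments/";
    private static final Set<String> ALLOWED = Set.of("jcr:primaryType", "author", "text");
    private static final int MAX_LEN = 2000;

    @Override
    public void process(SlingHttpServletRequest request, List<Modification> changes) throws Exception {
        Session session = request.getResourceResolver().adaptTo(Session.class);
        for (Modification change : changes) {
            String src = change.getSource();
            String dst = change.getDestination();
            boolean inTree = (src != null && src.startsWith(ROOT))
                    || (dst != null && dst.startsWith(ROOT));
            if (!inTree) continue; // other content is left to access control
            ModificationType type = change.getType();
            if (type != ModificationType.CREATE && type != ModificationType.MODIFY) {
                reject(type + " is not allowed under " + ROOT); // no move/copy/delete/order
            }
            if (session == null) reject("no JCR session, cannot validate " + src); // fail closed
            if (!session.itemExists(src)) continue;
            Item item = session.getItem(src); // sees the transient, unsaved state
            // Depth 3 = /content/comments/<node>, depth 4 = one of its properties.
            if (item.getDepth() != (item.isNode() ? 3 : 4)) reject("nested content: " + src);
            if (!item.isNode()) {
                Property p = (Property) item;
                if (!ALLOWED.contains(p.getName())) reject("unexpected property: " + src);
                if (p.isMultiple() || p.getString().length() > MAX_LEN) reject("bad value: " + src);
            }
        }
    }

    private static void reject(String why) {
        throw new IllegalArgumentException(why); // raised before the changes are saved
    }
}
```

This constrains the shape of what an authorized writer can POST; it does not replace access control on the content and does nothing about request volume.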