Project

General

Profile

Actions
Copy link

Bug #6718

closed

Feature #6711: refactoring of lavoisier security

support authentication for operation "/notify"

Added by Reynaud Sylvain about 10 years ago. Updated almost 10 years ago.

Status:
Rejected
Priority:
Normal
Assigned To:
Schwarz Lionel
Category:
Service
Target version:
later
Start date:
03/31/2014
Due date:
% Done:

100%

Estimated time:

Description

Create a <authenticators> section in a separate configuration file "./security/lavoisier-notify.xml"

Actions
Copy link
 #1

Updated by Reynaud Sylvain about 10 years ago

  • Target version changed from 2.1 to later
Actions
Copy link
 #2

Updated by Reynaud Sylvain about 10 years ago

  • Tracker changed from Task to Bug
  • Description updated (diff)
Actions
Copy link
 #3

Updated by Reynaud Sylvain almost 10 years ago

  • Description updated (diff)
Actions
Copy link
 #4

Updated by Reynaud Sylvain almost 10 years ago

  • Description updated (diff)
Actions
Copy link
 #5

Updated by Reynaud Sylvain almost 10 years ago

  • Status changed from New to Rejected
  • % Done changed from 0 to 100
This issue is rejected because:
  • the operation "notify" does not expose any data.
  • the new attribute @ignore-during already solves the only security risk: the deny of service
  • the solutions to solve this issue are:
    • either too costly : support authentication for operation "/notify".
    • or too ugly : create a NotifyConnector that depends on the lavoisier-engine module.
      <view name="notify" authenticators="notifier">
    <argument name="view"/>
    <connector type="NotifyConnector">
        <parameter name="view" eval="$view"/>
    </connector>
</view>
Actions
Copy link

Also available in: Atom PDF