[Cosmo-dev] testing with the same .ics files
Randy Letness
randy at osafoundation.org
Wed Jul 11 10:16:01 PDT 2007
Bobby Rullo wrote:
> Does this imply that if you know the UID of something, you effectively
> have access to it?
>
Cosmo has a limitation now that you can gain write access to an item if
you know its uuid. Same goes for knowing the ticket. The thinking was
that because uuids were unique, its unlikely that you can determine a
uuid unless you have access to the repository in which case you have
access to any tickets. We have always planned on upgrading this
security model post preview.
-Randy
More information about the cosmo-dev
mailing list