[Cosmo-dev] testing with the same .ics files
Brian Moseley
bcm at osafoundation.org
Wed Jul 11 10:34:52 PDT 2007
On 7/11/07, Randy Letness <randy at osafoundation.org> wrote:
> Cosmo has a limitation now that you can gain write access to an item if
> you know its uuid. Same goes for knowing the ticket. The thinking was
> that because uuids were unique, it's unlikely that you can determine a
> uuid unless you have access to the repository in which case you have
> access to any tickets. We have always planned on upgrading this
> security model post preview.
well, the organizational thinking that led to this issue was "acls
aren't important for cosmo; only tickets". many of you might not have
been around when i was more strongly advocating actual security
features.