[cosmo-dev] options to fix security hole

Mimi Yin mimi at osafoundation.org
Fri Feb 8 12:13:15 PST 2008


Hi Randy,

I think modifying the UUID would be a good idea. If you ever end up  
sharing the item through a collection, you'll end up with dupes, but  
I think we can live with that. Let's try it and see if anyone complains.

Is modifying the UUID work for the server, work for the clients, or
both?

Mimi

On Feb 7, 2008, at 7:21 AM, Randy Letness wrote:

>> Jeffrey, does what you're describing below mean that if you receive
>> an item only via Email and then you publish it to the server, you
>> won't be able to edit anymore? Or could we still do some selective
>> silo-ing on the server to prevent that from happening?
>>
>
> That is correct.  There would be no silo-ing and the server would  
> see the uuid exists and add that item read-only when you publish it  
> because it already exists.  If this isn't desirable, maybe we could  
> modify the emailed item to have a different uuid or modify the  
> client to create a new uuid if one doesn't exist in the repository.
>
> -Randy


