[Yanel-dev] improving policy matching WAS: Re: WARNING: Security issue re TinyMCE integration
simon
simon at 333.ch
Mon Feb 7 11:06:41 CET 2011
Am 07.01.2011 00:47, schrieb Michael Wechner:
> On 1/6/11 8:50 PM, simon wrote:
>>
>>>
>>> We are currently working on further improving this, whereas there
>>> are several possibilities to do so and
>>> we will send a follow-up email in order to discuss on how to best
>>> proceed.
>> as discussed off-list there are several points which came to our mind
>>
>> - rc-map allows request-parameter matching (this way editors would be
>> called on exactly the same path as the to edited content and the
>> additional request parameter is matched by rc-map.). this would NOT
>> solve the problem of multiple usecases under one path.
>
> right, but you could match different query strings on different usecases
>
>> i think this would be important anyway.
>
> agreed
>>
>> -add some chain-of-responsibility pattern matcher (similar to the
>> rc-map) to the policy system. this would NOT solve the problem of
>> multiple usecases under one path. but probably a good idea anyway.
>
> agreed
>>
>> - invent some communication between YanelServlet and the current
>> resource (e.g. UsecaseableV1). to ask/tell about the current usecase.
>> this would allow to solve the problem of multiple usecases under one
>> path.
>
> I need to think about this a bit ;-)
did you find some time to think about this?
cheers
simon
>
> Cheers
>
> Michael
>>
>>
>> WDOT?
>>
>> cheers
>> simon
>>
>>
>>>
>>> Thanks
>>>
>>> Michael
>>
>
More information about the Yanel-development
mailing list