Re: [xwiki-devs] Why /templates not in /WEB-INF?

13 Jun 2008

Pascal Voitot wrote:
...
  I see your point but, as an external XWiki
user/developer (I'm not
 committer), I think these are only velocity scripts containing useful
 variables and parts of interaction code but no "core" core... These
 scripts could be copied/pasted in any XWiki document... To my mind, the
 important thing is not to hide these scripts but to verify they don't
 contain any silly access control such as "if($hasRight)
 doSomethingNeedingStrongSecurity()" because if you simply rewrite the script
 without the test, you access what should be protected... The control should
 be placed in the code... 
The control usually is in the core, but templates contain this kind of checks to let the
user know 
what he can / cannot do.
-- 
Sergiu Dumitriu
http://purl.org/net/sergiu/

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Re: [xwiki-devs] Why /templates not in /WEB-INF?