[jira] [Commented] (CMIS-893) getRepositories on browser binding repository url

JIRA Tue, 03 Mar 2015 01:59:27 -0800

    [ 
https://issues.apache.org/jira/browse/CMIS-893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14344849#comment-14344849
 ]


Florian Müller commented on CMIS-893:
-------------------------------------

I don't see security implications. If the user can access the repository, he 
can always call 
{{http://localhost:8080/browser/something?cmisselector=repositoryInfo}} to get 
the repository info. This URL must be supported.

The alternative response would be an error message like this:
{code}
{
    "exception": "notSupported",
    "message": "Unknown operation"
}
{code}

I don't think that is less confusing.

> getRepositories on browser binding repository url
> -------------------------------------------------
>
>                 Key: CMIS-893
>                 URL: https://issues.apache.org/jira/browse/CMIS-893
>             Project: Chemistry
>          Issue Type: Bug
>          Components: opencmis-server
>    Affects Versions: OpenCMIS 0.12.0
>            Reporter: Michael Brackx
>            Assignee: Florian Müller
>
> A http get on a repository url returns a getRepositories response.
> This can be confusing and have security implications.
> Example curl:
> {code}
> curl http://localhost:8080/browser/something
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (CMIS-893) getRepositories on browser binding repository url

Reply via email to