Hey Lance,
Thanks for taking time to look at this.

The code you suggested is a servlet implementation of the javascript editor
component.
We won't use this approach. The javascript component will be integrated
with tapestry and the request/response cycles will be passing parameters in
urls/getting json response.

The parameters will of course be validated, according to the provided
permissions module.

Eager to hear more thoughts on this.

Cheers,
Dragan Sahpaski



On Tue, Mar 13, 2012 at 11:01 AM, Lance Java <lance.j...@googlemail.com> wrote:

> I'm always very wary of servlets that allow access to a filename passed in
> as a request parameter... you are potentially opening up complete access to
> your server if you are not careful. Before introducing something like this
> into your application you must do a security audit on it
>
>
> https://github.com/Studio-42/elfinder-servlet/blob/master/src/main/java/org/elfinder/servlets/commands/OpenCommand.java
>
> On Tuesday, 13 March 2012, Dragan Sahpaski <dragan.sahpa...@gmail.com>
> wrote:
> > Hi Ville,
> > We decided to go with http://elfinder.org/.
> > The discussion is on the tynamo dev list.
> > It's BSD licensed, the code is pretty clean, it's actively developed, and
> > it looks pretty stable.
> > I'll integrate it very shortly (this week) and give you a link to a demo,
> > or just follow the list.
> >
> > If it turns out ok we'll have another tynamo module.
> >
> > Cheers,
> > Dragan Sahpaski
> >
> >
> >
> > On Mon, Mar 12, 2012 at 9:30 PM, Ville <ville.virta...@orientimport.fi> wrote:
> >
> >> Hi,
> >>
> >> CKFinder is a commercial product with no freeware licensing model afaik.
> >> However their prices are so low that I'd be happy to pay if the product is
> >> good. Then the ckeditor component should only provide a bridge to their
> >> java implementation and let the developer using the component provide the
> >> actual paid ckfinder for it.
> >>
> >> The upload-only approach is not an option for us, as the users really need
> >> the browsing view to the server and its files with thumbnails.
> >>
> >>  - Ville
> >>
> >>
> >>
> >
>
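Lance's warning above concerns a servlet that opens whatever file name arrives as a request parameter. The following is an added example, not code from elFinder, the elfinder-servlet project, or anyone on this thread: it shows the containment check such a parameter needs before any permission lookup, confining the resolved file to a fixed root directory. `Permissions` is a hypothetical interface standing in for whatever permissions module the integration provides.

```java
import java.io.IOException;
import java.nio.file.Path;

/** Resolves a user-supplied file name against a fixed root directory. */
public final class SafeFileResolver {

    /** Hypothetical hook for the application's permissions module. */
    public interface Permissions {
        boolean canRead(String user, Path file);
    }

    private final Path root;
    private final Permissions permissions;

    public SafeFileResolver(Path root, Permissions permissions) throws IOException {
        // toRealPath() follows symlinks, so the root itself is canonical
        this.root = root.toRealPath();
        this.permissions = permissions;
    }

    /**
     * Returns the canonical file for the requested name, or throws if the
     * name escapes the root ("../etc/passwd", an absolute path, a symlink
     * pointing outside the root), does not exist, or is not readable by user.
     */
    public Path resolve(String user, String requested) throws IOException {
        if (requested == null || requested.isEmpty() || requested.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("invalid file name");
        }
        // resolve() keeps an absolute argument as-is, so absolute inputs fail
        // the containment check below just like "../" sequences do
        Path candidate = root.resolve(requested).normalize();
        if (!candidate.startsWith(root)) {
            throw new SecurityException("path escapes root: " + requested);
        }
        // toRealPath() resolves symlinks; re-check containment afterwards,
        // otherwise a link inside the root could point anywhere on the server
        Path real = candidate.toRealPath();
        if (!real.startsWith(root)) {
            throw new SecurityException("symlink escapes root: " + requested);
        }
        // Only a file already proven to lie under root reaches the permission check
        if (!permissions.canRead(user, real)) {
            throw new SecurityException("not permitted: " + requested);
        }
        return real;
    }
}
```

`Path.startsWith` compares whole path components, so a root of `/var/www/uploads` does not accept `/var/www/uploads2/x`; the resolver is meant to be called from the servlet with the raw request parameter and the authenticated user.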
