[4suite-dev] URIs in the repo, revisited (addendum)
Uche Ogbuji
uche.ogbuji at fourthought.com
Wed Dec 11 18:12:52 MST 2002
On Tue, 2002-12-10 at 14:21, Jeremy Kloth wrote:
> On Tuesday 10 December 2002 09:42 am, Mike Brown wrote:
> > Can you tell me what the intent is for file URIs? e.g., when the current
> > doc is something from the repo, and it contains an absolute URI ref like
> > 'file:///path/to/some/file', do you want to look on the local filesystem,
> > or should this be interpreted as the repo path /path/to/some/file?
> >
>
> >From a security standpoint, a don't like the ability for documents to get
> access with the server's system access to a file on the host system. Given
> that, it would then be possible to implement the file scheme as the way into
> the repository, since the file scheme is defined as as being machine
> dependent anyway.
I see the security implications, but I think that admins should be able
to set security policy so that they can allow access to the local paths
on machine at their discretion. This is similar to the Java run time
approach.
I do not think we should use file: URLs to mean repo paths. It would
not be illegal, but I think it would be confusing. I certainly think of
file URLs separately than I think of repo paths.
I do think I have a compromise, though.
Why don't we define a "virtual" host name for the repo, which the user
sets up at 4ss init time (we can offer a default, such as "4ssrepo"
Then we can use file:// URLs for the repo, but using the special host
name:
file://4ssrepo/ftss/data
Would point to what you expect
file:///home and the dodgy file:/home
Would still be local paths, even though they may be blocked by security
policy.
--
Uche Ogbuji Fourthought, Inc.
http://uche.ogbuji.net http://4Suite.org http://fourthought.com
Tour of 4Suite - http://www.xml.com/pub/a/2002/10/16/py-xml.html
Proper XML Output in Python - http://www.xml.com/pub/a/2002/11/13/py-xml.html
RSS for Python - http://www-106.ibm.com/developerworks/webservices/library/ws-pyth11.html
Debug XSLT on the fly - http://www-106.ibm.com/developerworks/xml/library/x-debugxs.html
More information about the 4suite-dev
mailing list