[mapguide-internals] Please review RFC 103

Jason Birch jason at jasonbirch.com
Tue Jul 13 22:34:38 EDT 2010


I would suggest that this kind of request should require author access AND
should not be available through the API at all when authoring is disabled in
webconfig.ini.  setDocument should require Administrator privileges.

I am not a big fan of allowing public access to configuration documents,
regardless of the seemingly innocuous nature of the information they
contain.

I guess the Fusion widget info calls access files outside of the repository.
 Are there any others?

Jason

On 13 July 2010 16:24, Tom Fukushima wrote:

> Along with SetDocument, what kind of user would be allowed access to this
> file? For example, since the RFC mentions the Studio user perhaps these
> operations only be available to someone with Author (or above) privileges.
>  Do we need a way to set security on this document so that we can restrict
> who can access it? I would hope not since that seems like overkill.
>
> Are there any other operations in MGOS that are similar to this (i.e.,
> access documents or information outside of the repository) in behavior?
>
>


More information about the mapguide-internals mailing list