[mashup-dev] [jira] Resolved: (MASHUP-603) Sharing and downloading
includes potentially confidential information in temp files
Keith Godwin Chapman (JIRA)
jira at wso2.org
Fri Jan 25 21:15:59 PST 2008
[ http://wso2.org/jira/browse/MASHUP-603?page=all ]
Keith Godwin Chapman resolved MASHUP-603.
-----------------------------------------
Resolution: Fixed
> Sharing and downloading includes potentially confidential information in temp files
> -----------------------------------------------------------------------------------
>
> Key: MASHUP-603
> URL: http://wso2.org/jira/browse/MASHUP-603
> Project: WSO2 Mashup Server
> Issue Type: Improvement
> Reporter: Jonathan Marsh
> Assigned To: Keith Godwin Chapman
> Fix For: 1.0
>
>
> When I share or download a mashup like storexml, the runtime temp files are downloaded as well, even though they are not necessary to run the mashup. Say I used storexml to store passwords for a mashup, or if I used the file system directly within that mashup. By downloading the mashup you not only get potentially large amounts of irrelevant garbage, but possibly confidential information or state information that could prevent the mashup from running in a fresh environment.
> I propose checking for a folder called "_private" within the .resources folder and excluding it from the shared-mashup package. I would adjust the storexml sample service, and perhaps others, to make use of this folder as appropriate.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://wso2.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the Mashup-dev
mailing list