Forum OpenACS Q&A: Re: RFC: Security policy for OpenACS (Security hole in OpenACS 5.1!)

Collapse
66: Re: RFC: Security policy for OpenACS (Security hole in OpenACS 5.1!) (response to 1)
Posted by Barry Books on 06/28/04 12:59 PM
Here is the change the request processor. 
    # call sudo if it's mounted
    if { [site_node::exists_p -url /sudo] } {
         sudo::checkauth -url [ad_conn extra_url]
    }
It should probably check for the package key instead of the url

I'll see if I can get a postgresql version working. I need to install it on may machine anyway

Collapse
67: Re: RFC: Security policy for OpenACS (Security hole in OpenACS 5.1!) (response to 66)
Posted by Jade Rubick on 07/09/04 06:16 PM
Barry, it might also be a good idea to cache the result of the exists_p operation, especially if that is being called often.

Let us know if you have an Oracle and Postgres version available. :)