Forum OpenACS Development: Re: stable urls for all objects

Collapse
Posted by Tom Jackson on
How do you come to think that a /o/ link would be be shown without description?

Dirk,

If the description is part of an object, and the object has a read permission, then you need to run a permission check before dispaying the description. This is exactly what I fear: an application that rummages around displaying private information, unchecked.

All I am saying is that you shouldn't create a back door to data, of any type, period. Now the redirection page, as I now understand it, would just take an object_id. Assuming the page didn't give away any information in case of a permission failure, then there is nothing wrong with it. I think it is a good idea. But an application that lists objects (showing the name or a description) without a permission check is just bad. It isn't what OpenACS was designed to do. The fact that it is easy to do it shouldn't be a surprise to anyone. But it is a bad idea.

Collapse
Posted by Timo Hentschel on
Tom, as I already said, I'm right with you. We do have to do permission checks before displaying any object_name in any list of objects. I totally agree that there should never be a backdoor so that users can get information that they're not permitted to get.