[Building Sakai] Entitybroker batch servlet disabled by default
Daniel Merino
daniel.merino at unavarra.es
Tue Mar 19 01:13:54 PDT 2013
Hi everybody.
We have noticed that Clog tool makes use of batch direct servlet to
restore deleted posts in recycle bin, so having
entitybroker.batch.enable=false by default in sakai.properties gives an
error when restoring.
This property was set to false by default in 2.9 (
https://jira.sakaiproject.org/browse/SAK-22619 ), where a potential
security hole is mentioned as reason to disable it, but no more info is
given.
Turning this property true in sakai.properties solves the issue, but I'm
worried by this security hole.
Should we disable this property and request Clog to workaround it? Or
shoud we do something else to make it secure?
Thanks in advance.
Best regards.
--
Daniel Merino Echeverría
daniel.merino at unavarra.es
Gestor de teleformación - Centro Superior de Innovación Educativa.
Tfno: 948-168489 - Universidad Pública de Navarra.
More information about the sakai-dev
mailing list