Closed johnb4 closed 1 year ago
The customer needs to check to see who is accessing the script before allowing it to be executed.
What is the actual issue here? Is this a request to add the language about "It's a security consideration..." to the documentation? The language in linked Sling documentation explains the reasons why this is a problem in more detail.
It's apparently not clear enough for the customer since they opened a Support case against it. The customer read the linked documentation. Maybe just a another or two to reinforce the requirement that external security measures will be required if this check is ignored.
CQDOC-16347
Closing as CQDOC-16347 was closed.
Issue in help/using/custom-code-quality-rules.md
Customer asked about this particular item "CQRules:CQBP-75": Q: Why change? A: It's a security consideration. The advantage of using nodes in the JCR over paths is that you can easily control access to nodes via ACLs. If it's done outside of the JCR then the customer needs to handle the security themselves.