johnb4
commented
4 years ago The customer needs to check to see who is accessing the script before allowing it to be executed.
Closed johnb4 closed 1 year ago
johnb4
commented
4 years ago The customer needs to check to see who is accessing the script before allowing it to be executed.
justinedelson
commented
4 years ago What is the actual issue here? Is this a request to add the language about "It's a security consideration..." to the documentation? The language in linked Sling documentation explains the reasons why this is a problem in more detail.
johnb4
commented
4 years ago It's apparently not clear enough for the customer since they opened a Support case against it. The customer read the linked documentation. Maybe just a another or two to reinforce the requirement that external security measures will be required if this check is ignored.
bohnertchris
commented
4 years ago CQDOC-16347
guillaumecarlino
commented
1 year ago Closing as CQDOC-16347 was closed.
Issue in help/using/custom-code-quality-rules.md
Customer asked about this particular item "CQRules:CQBP-75": Q: Why change? A: It's a security consideration. The advantage of using nodes in the JCR over paths is that you can easily control access to nodes via ACLs. If it's done outside of the JCR then the customer needs to handle the security themselves.