jcnelson
commented
9 years ago Better yet: removed the need for passing cursors around at all :D
Closed jcnelson closed 9 years ago
jcnelson
commented
9 years ago Better yet: removed the need for passing cursors around at all :D
The MS should sign the serialized directory page cursor in the ms_listing message, separate from the ms_reply structure (in fact, the serialized cursor should contain both the cursor and signature). This is to prevent the UG from generating a malicious cursor that messes up the MS's directory page cache.
There are stubs for this already, but they need to be filled in.