Major Feature #5659

Implement content security

Added by Robert Lemke over 11 years ago. Updated over 10 years ago.

Status:
Resolved
Priority:
Must have
Category:
Security
Target version:
-
Start date:
2009-12-07
Due date:
% Done:

0%

Estimated time:
PHP Version:
Has patch:
Complexity:

Description

This ticket is a placeholder for all commits related to content security. Obviously this feature still needs to be described properly.

In general, content security will be handled by aspects affecting the persistence framework enforcing policies for all kinds of operations related to content (i.e. objects and their properties).


Related issues

Related to TYPO3.Flow - Feature #4960: There should be a Request hash check when objects are modifiedResolvedSebastian Kurfuerst2009-10-09

Actions
Related to TYPO3.Flow - Feature #3618: Extended ACL possibilitiesClosedAndreas Förthner2009-06-08

Actions
Related to TYPO3.Flow - Task #6599: Implement new syntax for policy resources including runtime constraintsResolvedAndreas Förthner2010-02-25

Actions
Related to TYPO3.Flow - Task #6600: Remove the privilege concept vom ACLsResolvedAndreas Förthner2010-02-25

Actions
Related to TYPO3.Flow - Task #6601: Introduce a new roles definition syntax including runtime constraintsOn HoldAndreas Förthner2010-02-25

Actions
Related to TYPO3.Flow - Feature #6604: Implement QueryRewriting according to the security policyResolvedAndreas Förthner2010-03-04

Actions
Related to TYPO3.Flow - Feature #6605: Integrate the security policy into resource managementResolvedAndreas Förthner

Actions
Related to TYPO3.Flow - Feature #8463: Check security policy for objects reconstituted in the session scopeNew2010-06-23

Actions
Related to TYPO3.Flow - Feature #9968: Promote security publishing configuration automatically when persisting modelsNewAndreas Förthner2010-09-28

Actions
#1

Updated by Sebastian Kurfuerst over 11 years ago

I saw that you removed the request hash again, with the argument "... it puts content security into Fluid templates..."

I disagree here, it just makes sure that only displayed form fields can be updated as well. In particular this is crucial with the [__identity] property being set or not set, and I still think that this part should be determined from the Fluid template.

Curious about your ideas, how you want to solve this issue :-) Maybe we should make a phone call soon?

Greets,
Sebastian

#2

Updated by Robert Lemke over 11 years ago

  • Target version changed from 1.0 alpha 7 to 1.0 alpha 8
#3

Updated by Robert Lemke over 11 years ago

  • Status changed from New to Accepted
  • Assignee changed from Robert Lemke to Andreas Förthner
#4

Updated by Andreas Förthner about 11 years ago

  • Target version changed from 1.0 alpha 8 to 1.0 alpha 9

Part I is implemented. Part II (QueryRewriting, see #6604) will be implemented for alpha9.

#5

Updated by Robert Lemke about 11 years ago

  • Tracker changed from Feature to Major Feature
#6

Updated by Robert Lemke almost 11 years ago

  • Target version deleted (1.0 alpha 9)
#7

Updated by Andreas Förthner over 10 years ago

  • Status changed from Accepted to Resolved

Also available in: Atom PDF