cubicweb #2969377 [security] all add security checks must happen at commit time [open]
Except for group-based security designs, the likeliness of event-time security checking doing the right thing is small since RQLExpression may depend on arbitrary relations being set to grant effective permissions.
The update issue is in another ticket.
|done in||<not specified>|
|closed by||<not specified>|
- cubicweb #1698245 Convert __message to _cwmsgid to increase security
- cubicweb #511718 explain why rql expr insertion doesn't work to ease security debugging
- TheCubicWebBook #656194 CW Administration: how to give dynamic permissions
- cubicweb #1346310 Add `Secure` attribute to cookie when navigating on https
- cubicweb #1381390 Implement HTTP Strict Transport Security for https