More thoughts on securing series

Joel Peshkin bugreport at
Thu May 27 19:35:03 UTC 2004

Ok,  here's the proposal.

When creating a series, the creator can select a product with which the 
series is associated.  The series is then only available/visible to 
users for whom that product would be selectable.  The ID of that product 
is stored in the series table so that it will automatically track 
product renames.  It also makes it possible for product renames to 
rename the series IF the associated series (or its category) has a name 
that is identical to the name of the product.

When the series is run, it runs under the privileges of its creator. 
(optionally - let the creator indicate that a subset of the creator's 
privileges are to be used)

Migration code and product creation code populates the product ID for 
any series created by that code, so there is no leak created.

More information about the developers mailing list