I ran across this security warning on Twitter.
http://packetstormsecurity.org/filedesc ... s.txt.html
Someone has observed that if Xataface is set up on a database WITHOUT any permissions or security, then it provides write access to the database.
This is not a security hole in Xataface but it is worth noting that if you are setting up a Xataface application that is accessible to the world, that you should implement permissions at least in the Application Delegate class.
-Steve
