Breaking eZ Publish role policy
Jérémy Poulain
Member since: 31 May 2008
Posts: 2
Friday 19 August 2011 1:34:56 pm
I've been using ezjscore for a while now and I've just recently found that this extension doesn't follow eZ Publish policy about rights.
- eZ Publish rights work as a white list. Unless you're in the admin group, you're not allowed to do anything.
- eZJSCore doesn't follow that behaviour. Unless you specify it in an ini file, it never checks whether or not you are allowed to call an ezjscServerRouter.
This means that everyone can fetch some information about your content. You only have to call the following URL:
http://projects.ez.no/ezjscore/call/ezjscnode::subtree::2
Don't you think ezjscore should follow the same behaviour as eZ Publish?
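
The two behaviours contrasted in the post above, as an added example that is not part of the original post and is not ezjscore's own code: a small Python model of a call router that checks permissions only when configuration asks for it, next to one that denies by default. All function names, policy names and the configuration table are hypothetical.

```python
# Constructed model. CONFIGURED_CHECKS, the "jscall/..." policy names and the
# router functions are hypothetical; they are not ezjscore's real code or ini keys.
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    policies: set = field(default_factory=set)  # explicitly granted policies


# Server calls the router can dispatch (call name -> handler).
HANDLERS = {
    "ezjscnode::subtree": lambda arg: f"children of node {arg}",
    "search::find": lambda arg: f"results for {arg}",
}

# Admin-maintained configuration: only calls listed here require a policy.
CONFIGURED_CHECKS = {"search::find": "jscall/search"}


def call_opt_in(user, call, arg):
    """Behaviour described in the post: check only if configuration asks for it."""
    required = CONFIGURED_CHECKS.get(call)
    if required is not None and required not in user.policies:
        raise PermissionError(call)
    return HANDLERS[call](arg)  # a call missing from the configuration is never checked


def call_whitelist(user, call, arg):
    """White-list behaviour: every call needs an explicit grant, configured or not."""
    required = CONFIGURED_CHECKS.get(call, f"jscall/{call}")
    if required not in user.policies:
        raise PermissionError(call)
    return HANDLERS[call](arg)


def is_allowed(router, user, call, arg="2"):
    try:
        router(user, call, arg)
        return True
    except PermissionError:
        return False


def unprotected_calls():
    """Audit helper: calls anyone can reach under the opt-in model."""
    return sorted(c for c in HANDLERS if c not in CONFIGURED_CHECKS)
```
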