Improve default security of Shale Remoting
------------------------------------------
Key: SHALE-362
URL: http://issues.apache.org/struts/browse/SHALE-362
Project: Shale
Issue Type: Bug
Components: Remoting
Affects Versions: 1.0.4-SNAPSHOT
Reporter: Craig McClanahan
Fix For: 1.0.4-SNAPSHOT
The current "out of the box" security of Shale Remoting is better (in
1.0.4-SNAPSHOT) than it was in 1.0.3, but still needs to be improved:
* "Dynamic" processor should exclude by default all managed bean
names that are implicitly defined in the JSF spec, and have public
zero-args methods that might mess things up. (Example: executing
#{applicationScope.clear} would be bad.)
* All processors should be enhanced to *always* obey their default
exclude lists, even if the user specifies additional exclude patterns.
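
A sketch of the two behaviours requested above, as an added example (not Shale's own code): user-supplied exclude patterns are appended to a built-in list and can never replace it. The class name, the pattern syntax and the assumption that a resource id "/bean/method" is evaluated as #{bean.method} are hypothetical.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Hypothetical filter, not a Shale class.
public class ExcludeFilterExample {

    // Implicit object names from the JSF specification that resolve without
    // any managed-bean declaration (a subset, for illustration).
    static final List<String> IMPLICIT = Arrays.asList(
        "applicationScope", "sessionScope", "requestScope", "cookie",
        "header", "headerValues", "initParam", "param", "paramValues",
        "facesContext", "view");

    private final List<String> excludes = new ArrayList<String>();

    // userExcludes is a comma-separated list (may be null). It is added to
    // the defaults, so configuring it cannot re-expose an implicit object.
    public ExcludeFilterExample(String userExcludes) {
        for (String name : IMPLICIT) {
            excludes.add("/" + name + "/*");
        }
        if (userExcludes != null) {
            for (String p : userExcludes.split(",")) {
                if (p.trim().length() > 0) excludes.add(p.trim());
            }
        }
    }

    // Supports exact patterns and a single trailing "*" (prefix match).
    public boolean isExcluded(String resourceId) {
        for (String p : excludes) {
            if (p.endsWith("*")
                    ? resourceId.startsWith(p.substring(0, p.length() - 1))
                    : resourceId.equals(p)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed input: the user configures one pattern of their own.
        ExcludeFilterExample f = new ExcludeFilterExample("/admin/*");
        System.out.println(f.isExcluded("/applicationScope/clear")); // built-in default
        System.out.println(f.isExcluded("/admin/reset"));            // user pattern
        System.out.println(f.isExcluded("/orders/list"));            // matches neither list
    }
}
```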