On 11.09.13 07:54, Lukasz Lenart wrote:
> 2013/9/11 David Black <dbl...@atlassian.com>:
>> On 9 September 2013 20:52, Christian Grobmeier <grobme...@gmail.com> wrote:
>>
>>
>> From a security standpoint we may have the manpower to improve things.
>> For example, if we manage to "disable static method" calls from OGNL we
>> would have a win already. If we manage to restrict the path of OGNL we
>> might have another win.
>> These security hardening proposals to OGNL sound like good starting points.
> Maybe this can be a good starting point? It blocks Runtime.exec but we
> can extend it.
>
> https://github.com/bytenibble/security-manager
Sounds interesting. I wondered if it would be better to improve Commons
OGNL in a way that users can configure their security aspects. This security
manager is interesting, though.
>
> Regards


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
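
The "disable static method calls" hardening idea discussed in this thread, sketched as an added example that is not part of the original messages and is not Struts or OGNL code. It uses only JDK reflection; the class name `StaticDenyingMemberPolicy`, the `isAccessible` signature and the deny-list contents are assumptions made for illustration, and wiring the check into an expression evaluator is not shown.

```java
import java.lang.reflect.Member;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.Set;

/** Hypothetical policy: decides whether an expression evaluator may touch a member. */
public class StaticDenyingMemberPolicy {

    // Assumed deny-list: types that should never be reachable from an expression.
    private static final Set<Class<?>> DENIED_TYPES =
            Set.of(Runtime.class, ProcessBuilder.class, System.class, ClassLoader.class);

    /** True only for public, non-static members on targets outside the deny-list. */
    public boolean isAccessible(Object target, Member member) {
        int mods = member.getModifiers();
        if (Modifier.isStatic(mods)) {
            return false; // blanket rule from the thread: no static calls at all
        }
        if (!Modifier.isPublic(mods)) {
            return false; // never widen access beyond the public API
        }
        for (Class<?> denied : DENIED_TYPES) {
            // Check the declaring class and the runtime type of the target:
            // a method declared on a harmless supertype can still be invoked
            // on an instance of a denied type.
            if (denied.isAssignableFrom(member.getDeclaringClass())
                    || (target != null && denied.isInstance(target))) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        StaticDenyingMemberPolicy policy = new StaticDenyingMemberPolicy();

        // Constructed sample members; they are only looked up, never invoked.
        Method getRuntime = Runtime.class.getMethod("getRuntime");      // static
        Method exec = Runtime.class.getMethod("exec", String.class);    // instance, denied type
        Method valueOf = String.class.getMethod("valueOf", int.class);  // static, ordinary type
        Method length = String.class.getMethod("length");               // instance, ordinary type

        System.out.println("Runtime.getRuntime allowed: " + policy.isAccessible(null, getRuntime));
        System.out.println("Runtime.exec allowed:       " + policy.isAccessible(Runtime.getRuntime(), exec));
        System.out.println("String.valueOf allowed:     " + policy.isAccessible(null, valueOf));
        System.out.println("String.length allowed:      " + policy.isAccessible("abc", length));
    }
}
```

A deny-list like this is easy to miss entries in; an allow-list of packages or types the application actually needs in expressions is the stricter variant of the same check.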
