Time for me to brush up! I have never altered them before and have only run into them when a client running WebLogic could not make a network connection due to a restrictive default policy. It must be possible to restrict access to sensitive classes using this system. Probably makes a lot of sense to have a restrictive security policy on a live server anyway. Just never got around to it before...

----- Original Message -----
From: "BOGAERT Mathias" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 12, 2003 1:45 PM
Subject: RE: [OS-webwork] Security flaw with WW2

> Well, we are not all up to date on Java security policies, but since you
> seem to be, care to enlighten us?
>
> Thanks,
> Mathias
>
> -----Original Message-----
> From: John Patterson [mailto:[EMAIL PROTECTED]
> Sent: Friday, December 12, 2003 14:42
> To: [EMAIL PROTECTED]
> Subject: Re: [OS-webwork] Security flaw with WW2
>
>
> Time to brush up on Java security policies.
>
> ----- Original Message -----
> From: "Carlos Villela" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, December 12, 2003 1:32 PM
> Subject: RES: [OS-webwork] Security flaw with WW2
>
>
> OOOOOOUCH!
>
> Ok, possible solutions:
>
> - Disallow POSTs with unknown referers (sucks, but works)
> - Disallow use of java.lang.System, java.lang.Runtime and friends in OGNL
> (good & works)
>
> Good catch, John!
>
> -cv
>
> -----Original Message-----
> From: John Patterson [mailto:[EMAIL PROTECTED]
> Sent: Friday, December 12, 2003 11:24
> To: Webwork
> Subject: [OS-webwork] Security flaw with WW2
>
>
> Guess what this does?
>
> <html>
> <body>
> <form method="post" action=http://myhost/app/myAction.action>
> <input name="@[EMAIL PROTECTED](1).dummy" value=""/> </form> </body>
> </html>
>
> John.
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program. Does
> SourceForge.net help you be more productive? Does it help you create better
> code? SHARE THE LOVE, and help us help YOU! Click Here:
> http://sourceforge.net/donate/
> _______________________________________________
> Opensymphony-webwork mailing list [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
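
Added example, not part of the thread and not WebWork code: the second suggestion in the quoted list, generalized from denying specific classes to an allowlist on the shape of parameter names, applied before any name is handed to an expression evaluator. The class name, the length limit and the sample parameter names are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

/** Added example: allowlist filter for request parameter names (hypothetical class). */
public class ParameterNameFilter {

    // One path segment: a Java-style identifier, optionally followed by
    // numeric indexes such as [0]. No '@', '(', '#', '=', quotes or spaces.
    private static final String SEGMENT = "[A-Za-z_][A-Za-z0-9_]*(\\[[0-9]{1,4}\\])*";

    // A full name is one or more segments joined by dots, e.g. user.address[0].city
    private static final Pattern SAFE_NAME =
            Pattern.compile(SEGMENT + "(\\." + SEGMENT + ")*");

    private static final int MAX_LENGTH = 128; // assumed limit

    /** Returns true only for plain property paths; everything else is rejected. */
    public static boolean isSafe(String name) {
        return name != null
                && name.length() <= MAX_LENGTH
                && SAFE_NAME.matcher(name).matches();
    }

    /** Copies only the parameters whose names pass the allowlist. */
    public static Map<String, String[]> filter(Map<String, String[]> params) {
        Map<String, String[]> accepted = new LinkedHashMap<>();
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            if (isSafe(e.getKey())) {
                accepted.put(e.getKey(), e.getValue());
            } else {
                // Drop the parameter; strip non-printable characters before logging.
                String shown = String.valueOf(e.getKey()).replaceAll("[^\\x20-\\x7e]", "?");
                System.err.println("rejected parameter name: " + shown);
            }
        }
        return accepted;
    }

    public static void main(String[] args) {
        // Constructed sample request parameters (not taken from the thread).
        Map<String, String[]> params = new LinkedHashMap<>();
        params.put("user.name", new String[] {"alice"});
        params.put("items[2].quantity", new String[] {"3"});
        params.put("@com.example.Util@doSomething(1).dummy", new String[] {""});
        params.put("#context.flag", new String[] {"true"});
        System.out.println("accepted: " + filter(params).keySet());
    }
}
```

Only `user.name` and `items[2].quantity` pass; the names using static-call (`@...@...()`) and context-variable (`#`) syntax are dropped before evaluation. A filter like this complements, rather than replaces, a restrictive Java security policy on the server.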