FYI you can find information on how to do this for WebLogic 8.1 here:
http://edocs.bea.com/wls/docs81/security/server_prot.html#1032262

Mathias

-----Original Message-----
From: Hani Suleiman [mailto:[EMAIL PROTECTED] 
Sent: Friday, 12 December 2003 14:56
To: [EMAIL PROTECTED]
Subject: Re: [OS-webwork] Security flaw with WW2


It's not as easy as it sounds.

The JVM allows one security policy, so you'd have to fine-tune a policy
file and ensure that it doesn't cause your appserver to become upset.
Some servers have their own policy files that need to be tweaked, 
others will need one from scratch.

On Dec 12, 2003, at 8:45 AM, BOGAERT Mathias wrote:

> Well, we are not all up to date on Java security policies, but since you
> seem to be, care to enlighten us?
>
> Thanks,
> Mathias
>
> -----Original Message-----
> From: John Patterson [mailto:[EMAIL PROTECTED]
> Sent: Friday, 12 December 2003 14:42
> To: [EMAIL PROTECTED]
> Subject: Re: [OS-webwork] Security flaw with WW2
>
>
> Time to brush up on Java security policies.
>
> ----- Original Message -----
> From: "Carlos Villela" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, December 12, 2003 1:32 PM
> Subject: RES: [OS-webwork] Security flaw with WW2
>
>
> OOOOOOUCH!
>
> Ok, possible solutions:
>
> - Disallow POSTs with unknown referers (sucks, but works)
> - Disallow use of java.lang.System, java.lang.Runtime and friends in OGNL
>   (good & works)
>
> Good catch, John!
>
> -cv
>
> -----Original Message-----
> From: John Patterson [mailto:[EMAIL PROTECTED]
> Sent: Friday, 12 December 2003 11:24
> To: Webwork
> Subject: [OS-webwork] Security flaw with WW2
>
>
> Guess what this does?
>
> <html>
> <body>
> <form method="post" action=http://myhost/app/myAction.action>
> <input name="@[EMAIL PROTECTED](1).dummy" value=""/> </form>
> </body>
> </html>
>
> John.
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program. Does 
> SourceForge.net help you be more productive?  Does it help you create 
> better code?  SHARE THE LOVE, and help us help YOU!  Click Here:
> http://sourceforge.net/donate/
> _______________________________________________
> Opensymphony-webwork mailing list 
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
>
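
An added example, not part of the original thread and not WebWork code: a different mitigation from the two listed above, namely an allowlist on request parameter names applied before they are handed to the OGNL evaluator. The class name `ParamNameFilter`, the accepted-name pattern and the sample parameters are assumptions constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

// Hypothetical helper (not WebWork code): allowlist for request parameter names
// before they are passed to an expression evaluator such as OGNL.
public class ParamNameFilter {
    // Accepts plain property paths only: identifiers joined by dots, with optional
    // numeric indexes or quoted simple keys, e.g. user.address[0].street or map['key'].
    // Names containing '@', '(', ')', '#', '=', ',' or whitespace do not match.
    private static final Pattern SAFE_NAME = Pattern.compile(
        "[A-Za-z_][A-Za-z0-9_]*(\\[(\\d+|'[A-Za-z0-9_]+')\\])*"
        + "(\\.[A-Za-z_][A-Za-z0-9_]*(\\[(\\d+|'[A-Za-z0-9_]+')\\])*)*");

    static boolean isAcceptable(String name) {
        return name != null && name.length() <= 128 && SAFE_NAME.matcher(name).matches();
    }

    // Returns only the parameters whose names pass the allowlist.
    // Rejected names are logged with control characters masked to keep the log clean.
    static Map<String, String[]> filter(Map<String, String[]> params) {
        Map<String, String[]> accepted = new LinkedHashMap<>();
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            if (isAcceptable(e.getKey())) {
                accepted.put(e.getKey(), e.getValue());
            } else {
                String shown = String.valueOf(e.getKey()).replaceAll("\\p{Cntrl}", "?");
                System.err.println("rejected parameter name: " + shown);
            }
        }
        return accepted;
    }

    public static void main(String[] args) {
        // Constructed sample request parameters.
        Map<String, String[]> params = new LinkedHashMap<>();
        params.put("user.name", new String[] {"alice"});
        params.put("items[2].qty", new String[] {"3"});
        // Placeholder name in static-call form, not the value from the thread.
        params.put("@pkg.SomeClass@someMethod(1).dummy", new String[] {""});
        params.put("#context.x", new String[] {"1"});
        System.out.println(filter(params).keySet());
    }
}
```

Because the pattern is an allowlist, it does not depend on enumerating `java.lang.System`, `java.lang.Runtime` "and friends"; any name that is not a plain property path is dropped before evaluation.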


