Hi, Jukka Zitting schrieb: > Hi, > > I was thinking about the implications of giving a user write access to > a subtree of the repository. With that access the user could now > upload a new script and create a node that invokes that script when > rendered. > > What if the script contains something like System.exit(1)? Or > something even more malicious? > > Do we have mechanisms for preventing attack scenarios like that?
No, unless Java platform security (SecurityManager) is enabled, in which case the "exitVM" PlatformPersmission would be required to call System.exit() and likewise for other actions. Regards Felix
