Filip Hanik - Dev wrote:
Facading is likely worthless for sessions,
you think so, you don't think session.setPrincipal is a security issue?
Try it by turning the Security Manager on ;-)
-- Jeanfrancois
Filip
----- Original Message -----
From: "Remy Maucherat" <[EMAIL PROTECTED]>
To: "Tomcat Developers List" <[EMAIL PROTECTED]>
Sent: Tuesday, June 01, 2004 3:02 PM
Subject: Re: session facade not used for event
Filip Hanik - Dev wrote:
Quick question, is there a reason the user code has access to the
internal session instead of the session facade on session events?
event = new HttpSessionBindingEvent(this,name,value); //inside
StandardSession
as opposed to this code, which would give the user a facade? event =
new HttpSessionBindingEvent(new SessionFacade(this),name,value);
Yes, but no.
Facading is likely worthless for sessions, as we're (fortunately) not
recycling them anymore. The session manager will prevent accessing any
of the extra methods (and even then, I'm not sure there's any public
methods worth exploiting).
Rémy
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
