Support Forums: Message List - JSR-315 needs YOU for servlet 3.0

Support Forums: Message List - JSR-315 needs YOU for servlet 3.0 http://www.theserverside.com Most recent forum messages en Jive Forums Silver 5.5.30 (www.jivesoftware.com) Tue, 21 May 2013 12:59:09 -0400 More problems.. http://www.theserverside.com/discussions/thread.tss?thread_id=49212 Fri, 23 May 2008 10:56:02 -0400 Fri, 23 May 2008 10:56:02 -0400 Fri, 23 May 2008 10:56:02 -0400 May 23, 2008 Roy van Rijn 1 Re: Security issue is bogus http://www.theserverside.com/discussions/thread.tss?thread_id=49212 so there's really nothing at all to scream about at this point. agreed... we can scream on the eg mailing list. :-)]]> Wed, 30 Apr 2008 13:27:14 -0400 Wed, 30 Apr 2008 13:27:14 -0400 Wed, 30 Apr 2008 13:27:14 -0400 Apr 30, 2008 Maxim Moldenhauer 0 Re: Security issue is bogus http://www.theserverside.com/discussions/thread.tss?thread_id=49212 I disagree. The end result is the same. Servlets exposed you don't want exposed....]]> Wed, 30 Apr 2008 10:03:53 -0400 Wed, 30 Apr 2008 10:03:53 -0400 Wed, 30 Apr 2008 10:03:53 -0400 Apr 30, 2008 Remy Maucherat 1 Re: Security issue is bogus http://www.theserverside.com/discussions/thread.tss?thread_id=49212

This is analogous to the security problems that were experienced with the invoker style, where /servlet/com.acme.SomeServlet would invoke the servlet even if it was not listed in the web.xml. These features bring back that...]]> Wed, 30 Apr 2008 09:47:45 -0400 Wed, 30 Apr 2008 09:47:45 -0400 Wed, 30 Apr 2008 09:47:45 -0400 Apr 30, 2008 Maxim Moldenhauer 2 Re: Security issue is bogus http://www.theserverside.com/discussions/thread.tss?thread_id=49212 This is analogous to the security problems that were experienced with the invoker style, where /servlet/com.acme.SomeServlet would invoke the servlet even if it was not listed in the web.xml. These features bring back that issue, that a...]]> Wed, 30 Apr 2008 06:00:27 -0400 Wed, 30 Apr 2008 06:00:27 -0400 Wed, 30 Apr 2008 06:00:27 -0400 Apr 30, 2008 Remy Maucherat 3 Re: Security issue is bogus http://www.theserverside.com/discussions/thread.tss?thread_id=49212 In practice, if you are deploying unknown, malicious code into your app server intentionally (which is what it would take for this to actually be a security problem) then you have bigger problems.

...]]> Tue, 29 Apr 2008 19:30:02 -0400 Tue, 29 Apr 2008 19:30:02 -0400 Tue, 29 Apr 2008 19:30:02 -0400 Apr 29, 2008 gregw 4 Re: Security issue is bogus http://www.theserverside.com/discussions/thread.tss?thread_id=49212 Bill,

I think the security issue is bogus IMO.
1) If this is a security hole, then EJB is also one big security hole as it allows this sort of deployment.

The ejb security scenario is quite...]]> Tue, 29 Apr 2008 11:53:22 -0400 Tue, 29 Apr 2008 11:53:22 -0400 Tue, 29 Apr 2008 11:53:22 -0400 Apr 29, 2008 Jesse Sightler 5 Re: Controlled flexibility http://www.theserverside.com/discussions/thread.tss?thread_id=49212 That automagical mode might be interesting for lazy developers... true.
BUT in order to remain acceptable in the corporate (aka Fortune 500) world it must be possible to impose strictly controlled behaviour. Those corporate...]]> Tue, 29 Apr 2008 11:03:49 -0400 Tue, 29 Apr 2008 11:03:49 -0400 Tue, 29 Apr 2008 11:03:49 -0400 Apr 29, 2008 Maxim Moldenhauer 0 Re: Stop adding useless crap http://www.theserverside.com/discussions/thread.tss?thread_id=49212 Tue, 29 Apr 2008 10:58:06 -0400 Tue, 29 Apr 2008 10:58:06 -0400 Tue, 29 Apr 2008 10:58:06 -0400 Apr 29, 2008 Maxim Moldenhauer 0 Make Java share hosting friendly http://www.theserverside.com/discussions/thread.tss?thread_id=49212 Tue, 29 Apr 2008 08:44:41 -0400 Tue, 29 Apr 2008 08:44:41 -0400 Tue, 29 Apr 2008 08:44:41 -0400 Apr 29, 2008 mschipperheyn 0 Re: Controlled flexibility http://www.theserverside.com/discussions/thread.tss?thread_id=49212 Just, PLEASE, leave a possibility to disable all those automatisms and give me complete control with the one and only web.xml.
LET THERE BE CHOICE! +++++++]]> Tue, 29 Apr 2008 03:12:35 -0400 Tue, 29 Apr 2008 03:12:35 -0400 Tue, 29 Apr 2008 03:12:35 -0400 Apr 29, 2008 Hans Prueller 0 Re: Does anyone really care? http://www.theserverside.com/discussions/thread.tss?thread_id=49212 Sorry if I sound negative, but how many Java developers really and truly care about the Servlet specification any more? I'd be willing to bet that 99% of Java developers don't care at all, because they are using a framework that handles all...]]> Tue, 29 Apr 2008 01:23:33 -0400 Tue, 29 Apr 2008 01:23:33 -0400 Tue, 29 Apr 2008 01:23:33 -0400 Apr 29, 2008 gregw 0 Re: Security issue is bogus http://www.theserverside.com/discussions/thread.tss?thread_id=49212 Tue, 29 Apr 2008 00:53:14 -0400 Tue, 29 Apr 2008 00:53:14 -0400 Tue, 29 Apr 2008 00:53:14 -0400 Apr 29, 2008 janb 6 Stop adding useless crap http://www.theserverside.com/discussions/thread.tss?thread_id=49212 Mon, 28 Apr 2008 23:57:41 -0400 Mon, 28 Apr 2008 23:57:41 -0400 Mon, 28 Apr 2008 23:57:41 -0400 Apr 28, 2008 Alex Besogonov 1 Re: Security issue is bogus http://www.theserverside.com/discussions/thread.tss?thread_id=49212 Mon, 28 Apr 2008 22:35:25 -0400 Mon, 28 Apr 2008 22:35:25 -0400 Mon, 28 Apr 2008 22:35:25 -0400 Apr 28, 2008 Srikanth Seshadri 0