
RE: security audit: msg#00158

jakarta.velocity.user

Subject: RE: security audit

Good point, maybe we need a section in the docs mentioning
potential security implications. BTW, I think the SecurityManager is
designed to have fine-grained access control over classes and method
calls. If you are interested, look into it.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Ed Yu, Senior Solutions Architect (IBM Certified AIX Administrator),
Advanced Solutions Group, Physics Dept., University of South Carolina,
Columbia, SC 29208
Office (803)777-8831, FAX (803)777-8833, Email ekyu@xxxxxxxxxx


> -----Original Message-----
> From: Will Glass-Husain [mailto:wglass@xxxxxxxxx]
> Sent: Thursday, May 29, 2003 1:08 PM
> To: velocity-user@xxxxxxxxxxxxxxxxxx
> Subject: Re: security audit
>
>
> Nathan,
>
> Thanks for your detailed and helpful set of thoughts. Good
> point about wrapping context objects and avoiding the
> VelocityServlet. (I'm actually using my own servlet, but
> have a bit of legacy code copied over from the VS).
>
> If it wasn't clear in my last email, this was a list of
> security issues I encountered in *my application*, and the
> solutions I plan on taking. (not a laundry list of problems
> with Velocity, which -- with a few reservations-- I think is
> a great tool). Obviously, the security and integrity of an
> application is wholly the responsibility of the developer and
> sysadmin.
>
> I post these issues (which may or may not be applicable to
> others) to ask for ideas on other risks, and to help people
> think through risks with their own Velocity-based web
> applications. For example, although the Torque issue is not
> a "velocity" issue, it definitely was a potential exploit for
> my app. It was a bit of a shock to realize that my system
> allowed any template writer to use a reference to do
> arbitrary SQL calls. A caution to other Velocity
> developers-- be sure that you know what is in your context
> and that you are comfortable with all the methods that are exposed.
>
> By the way, the biggest risk-reduction technique would be to
> only allow a small trusted set of people to write templates.
> But in my application, hundreds of people write templates, so
> I'm trying to make this a safe environment. If anyone has
> other ideas, please let me know.
>
> Cheers,
>
> WILL
>
>
>
> _______________________________________
> Forio Business Simulations
> Will Glass-Husain
> www.forio.com
>
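
The advice in the quoted message (wrap context objects, and know every method your context exposes) can be checked mechanically. The following is an added example, not code from this thread or from the Velocity project: it assumes a template can call any public method of an object placed in the context, and the `Account`, `AccountView` and `audit` names are hypothetical.

```java
import java.lang.reflect.Method;
import java.util.*;

public class ContextAudit {
    // Constructed stand-in for a persistence object; not Torque's real API.
    public static class Account {
        private final String owner;
        public Account(String owner) { this.owner = owner; }
        public String getOwner() { return owner; }
        public List<String> executeQuery(String sql) { return new ArrayList<>(); }
        public void delete() { }
    }

    // Narrow view: the only call a template author gets is getOwner().
    public static final class AccountView {
        private final Account account;
        public AccountView(Account account) { this.account = account; }
        public String getOwner() { return account.getOwner(); }
    }

    // Public methods on each context value that are not on the allowlist.
    // Methods declared by java.lang.Object are left out to keep the report
    // short; they are still public and need their own review.
    static Map<String, SortedSet<String>> audit(Map<String, Object> context,
                                                Set<String> allowed) {
        Map<String, SortedSet<String>> findings = new TreeMap<>();
        for (Map.Entry<String, Object> e : context.entrySet()) {
            if (e.getValue() == null) continue;
            for (Method m : e.getValue().getClass().getMethods()) {
                if (m.getDeclaringClass() == Object.class) continue;
                if (allowed.contains(m.getName())) continue;
                findings.computeIfAbsent(e.getKey(), k -> new TreeSet<>())
                        .add(m.getName() + "/" + m.getParameterCount());
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        Account acct = new Account("alice");   // constructed sample data
        Set<String> allowed = new HashSet<>(Arrays.asList("getOwner"));
        Map<String, Object> raw = new HashMap<>();
        raw.put("account", acct);                       // raw object exposed
        Map<String, Object> wrapped = new HashMap<>();
        wrapped.put("account", new AccountView(acct));  // wrapper exposed
        System.out.println("raw:     " + audit(raw, allowed));
        System.out.println("wrapped: " + audit(wrapped, allowed));
    }
}
```

Running the audit over the map that backs the real context before templates are rendered lists every method name that has not been reviewed and added to the allowlist.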

