Re: security audit: msg#00161 jakarta.velocity.user
Will said:
...
> If it wasn't clear in my last email, this was a list of security issues I
> encountered in *my application*, and the solutions I plan on
> taking. (not a laundry list of problems with Velocity, which --
> with a few reservations-- I think is a great tool). Obviously, the
> security and integrity of an application is wholly the responsibility
> of the developer and sysadmin.

ah, yeah, i didn't quite pick up on that. thanks.

> ...For example, although the Torque issue is not a "velocity" issue, it
> definitely was a potential exploit for my app. It was a bit of a
> shock to realize that my system allowed any template writer to use
> a reference to do arbitrary SQL calls.

yeah, a scary thought if you can't trust the template authors!

> But in my
> application, hundreds of people write templates, so I'm trying to
> make this a safe environment.

your case is completely legitimate and i think your concerns here should be addressed, but on the other hand, i would be surprised if it were all that common.

Nathan Bubna
nathan@xxxxxxxx