Re: security audit: msg#00207 jakarta.velocity.user
Thanks, Attila,

Good point. I guess I'll redo the Velocity patch to be method specific instead of class specific and catch "wait" and "notify" as you suggest.

WILL

Attila:

Actually, calling wait() on an object is more likely to cause IllegalStateException except if the template author somehow manages to first cause the thread to enter the object's monitor (that is, synchronize on it). But if it does, then blocking a thread indefinitely is a very good way to mount a DOS attack - every new request will block another thread, eventually exhausting either a limited thread pool, or ultimately the system resources.

_______________________________________
Forio Business Simulations
Will Glass-Husain
www.forio.com
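
An added example, not part of the original message or of the Velocity patch it discusses: a class-specific deny list never sees wait() or notify(), because every object inherits them from java.lang.Object, while a check on the resolved method catches them on any class. MethodGuard, its helper names and the sample deny list are assumptions made for illustration, not Velocity API.

```java
import java.lang.reflect.Method;
import java.util.Set;

// Added illustration; MethodGuard and its names are hypothetical, not Velocity API.
public class MethodGuard {
    // Monitor methods every object inherits from java.lang.Object.
    private static final Set<String> DENIED = Set.of("wait", "notify", "notifyAll");

    /** Class-specific rule: deny by the class of the target object. */
    static boolean allowedByClass(Object target, Set<Class<?>> deniedClasses) {
        return !deniedClasses.contains(target.getClass());
    }

    /** Method-specific rule: deny by the method actually resolved, on any class. */
    static boolean allowedByMethod(Method m) {
        // getDeclaringClass() is Object.class for the inherited monitor methods,
        // so every overload of wait(...) is covered by the name check.
        return !(m.getDeclaringClass() == Object.class && DENIED.contains(m.getName()));
    }

    /** Resolve a public method by name and argument count, as a template engine would. */
    static Method resolve(Object target, String name, int argCount) {
        for (Method m : target.getClass().getMethods()) {
            if (m.getName().equals(name) && m.getParameterCount() == argCount) return m;
        }
        throw new IllegalArgumentException("no such method: " + name);
    }

    public static void main(String[] args) {
        // Constructed sample: a harmless value a template could reach through its context.
        Object ctxValue = "any string placed in the template context";
        // Constructed sample of a class-based deny list.
        Set<Class<?>> deniedClasses = Set.of(Thread.class, ClassLoader.class);

        String[][] calls = { {"length", "0"}, {"wait", "0"}, {"wait", "1"}, {"notify", "0"} };
        for (String[] c : calls) {
            Method m = resolve(ctxValue, c[0], Integer.parseInt(c[1]));
            System.out.printf("%s/%s class-rule=%s method-rule=%s%n", c[0], c[1],
                allowedByClass(ctxValue, deniedClasses) ? "allow" : "deny",
                allowedByMethod(m) ? "allow" : "deny");
        }
    }
}
```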