Key: SHALE-362
Type: Bug
Status: Resolved
Resolution: Fixed
Priority: Major
Assignee: Unassigned
Reporter: Craig McClanahan
Votes: 0
Watchers: 0
Shale

Improve default security of Shale Remoting

Created: 14/Dec/06 08:39 AM   Updated: 23/Jan/07 04:40 PM
Component/s: Remoting
Affects Version/s: 1.0.4-SNAPSHOT
Fix Version/s: 1.0.4


Description
The current "out of the box" security of Shale Remoting is better (in 1.0.4-SNAPSHOT) than it was in 1.0.3, but still needs to be improved:

* "Dynamic" processor should exclude by default all managed bean
  names that are implicitly defined in the JSF spec, and have public
  zero-args methods that might mess things up. (Example: executing
  #{applicationScope.clear} would be bad.)

* All processors should be enhanced to *always* obey their default
  exclude lists, even if the user specifies additional exclude patterns.
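
An added illustration of the two points above (not Shale's code and not part of the original issue): a sketch contrasting an exclude list that user configuration replaces with one that user configuration can only extend. The class, the method names, the glob syntax and the `/bean/method` resource-id form are assumptions made for the example; the bean names are the JSF implicit objects.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

// Illustrative sketch only: all names and pattern syntax here are hypothetical, not Shale's API.
public class ExcludeFilterDemo {
    // JSF implicit objects; several are Maps whose public zero-arg methods (e.g. clear) are destructive.
    static final List<String> DEFAULT_EXCLUDES = Arrays.asList(
        "/applicationScope/*", "/sessionScope/*", "/requestScope/*", "/cookie/*",
        "/facesContext/*", "/header/*", "/headerValues/*", "/initParam/*",
        "/param/*", "/paramValues/*", "/view/*");

    // Weak behaviour: any user-supplied patterns replace the defaults entirely.
    static List<String> replaceDefaults(List<String> userExcludes) {
        return userExcludes.isEmpty() ? DEFAULT_EXCLUDES : userExcludes;
    }

    // Hardened behaviour: defaults always apply; user patterns can only add to them.
    static List<String> mergeWithDefaults(List<String> userExcludes) {
        List<String> merged = new ArrayList<String>(DEFAULT_EXCLUDES);
        merged.addAll(userExcludes);
        return merged;
    }

    // Simple glob match: '*' matches any run of characters, everything else is literal.
    static boolean matches(String glob, String resourceId) {
        String[] parts = glob.split("\\*", -1);
        StringBuilder regex = new StringBuilder();
        for (int i = 0; i < parts.length; i++) {
            if (i > 0) regex.append(".*");
            regex.append(Pattern.quote(parts[i]));
        }
        return Pattern.matches(regex.toString(), resourceId);
    }

    static boolean isExcluded(List<String> excludes, String resourceId) {
        for (String glob : excludes) {
            if (matches(glob, resourceId)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        List<String> user = Arrays.asList("/admin/*");   // constructed user configuration
        String request = "/applicationScope/clear";      // assumed id form for #{applicationScope.clear}
        System.out.println("replace: excluded=" + isExcluded(replaceDefaults(user), request));
        System.out.println("merge:   excluded=" + isExcluded(mergeWithDefaults(user), request));
    }
}
```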


Change History
Craig McClanahan made changes - 14/Dec/06 08:43 AM
Field Original Value New Value
Resolution Fixed [ 1 ]
Status Open [ 1 ] Resolved [ 5 ]
Rahul Akolkar made changes - 23/Jan/07 04:40 PM
Fix Version/s 1.0.4-SNAPSHOT [ 21740 ]
Fix Version/s 1.0.4 [ 21790 ]
Jeff Turner made changes - 09/Aug/07 07:15 AM
Workflow Struts [ 39043 ] Struts - editable closed status [ 41682 ]
Antonio Petrelli made changes - 08/Jan/09 08:56 AM
Workflow Struts - editable closed status [ 41682 ] Struts - editable closed status (temporary) [ 45914 ]
Antonio Petrelli made changes - 08/Jan/09 09:08 AM
Workflow Struts - editable closed status (temporary) [ 45914 ] Struts - editable closed status [ 52585 ]