ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Loughran <stev...@iseran.com>
Subject Re: What do you think about a <classloader> task ?
Date Tue, 30 Mar 2004 09:02:31 GMT
Rainer Noack wrote:
> Hi Steve
> 
> Your security issues sounds very reasonable for me. 
> 
> I've never thought of this, as I've used the URL option rarely 
> in practice and only for LAN access where security was irrelevant.
> Another reason is, that I've no experience with this stuff.
> 
> Do you think, it could be a blocker?
> 
> What is the best solution in the case, there is nobody who is more
> familiar with this stuff and implements the security issues now?
> a) Contribute as is and document this issue in the task documentation
>    until it's hopefully implemented later or
> b) Change the task, so that it does not accept non-file URLs (should be 
>    no big deal) or accepts only the original Path type instead of the
>    extended one.
> 
> Regards,
> Rainer


I think for a build process you are taking your own risks. The danger is 
that if people do bind to remote URLs for stuff, they create a new back 
door. We should document that :)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org


Mime
View raw message