axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Loughran" <stev...@iseran.com>
Subject <wsdlFile>
Date Tue, 19 Nov 2002 23:34:13 GMT

-just modified <wsdlFile> element support so that you can name a resource as
well as a file path to a WSDL file, and so bundle stuf fin your webapp. You
still need custom WSDL for each webapp of course, with the right local URL;
that is a detail I am ignoring.

One thing that concerns me is the security of the whole attriubute: anyone
can submit the name of any XML file on the server and have it served back.
Which means anyone with access to the admin service has read access to the
server's disk, and can get things like tomcat's server.xml, or anything else
of value.

I am minded to restrict access *only* to files ending in ".wsdl".



Mime
View raw message