cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leszek Gawron <lgaw...@mobilebox.pl>
Subject Re: Continuation looks for wrong interpreter when using servlet protocol
Date Thu, 05 Apr 2007 08:16:24 GMT
Reinhard Poetz wrote:
> Rice Yeh wrote:
>> Hi,
>>   Here is another problem when using servlet protocol. A servlet S1 
>> extends another servlet S2. A web continuation k is generated in S2. 
>> When k returns back, k is matched in S1 with match pattern 
>> "*.continue" which exists in S2 also. Then comes an error with message 
>> like "k bound to S2, but looked up in S1".
> 
> I wonder if this really increases the security of Cocoon apps which was 
> the original reason why this feature was introduced. Can somebody 
> comment on this?

This is not the thing of security. The actual problem is a continuation 
could be created via apples processor and later on picked up by 
flowscript. Only the interpreter that creates the continuation is able 
to properly make use of it in the future.

Apart from that the continuation is created in some context. Any 
sendPage( "view/page.jx" ) is resolved in this particular context. 
Changing context on the fly would in most cases generate errors.

-- 
Leszek Gawron                         http://www.mobilebox.pl/krs.html
CTO at MobileBox Ltd.


Mime
View raw message