incubator-jspwiki-user mailing list archives

From Janne Jalkanen <Janne.Jalka...@ecyrd.com>
Subject Re: auth problems with Oracle AS
Date Wed, 21 Nov 2007 22:31:55 GMT

> Stripes does not have a single doPrivileged() code block in it.  I  
> did a full search.

Neither does log4j, and my guess is that most of the libraries that
we use don't have them either.

I'm really no security expert, but it sounds to me that the gain vs  
effort ratio in this effort would not be very high.  Especially since  
most of the attacks so far seem to be XSS vectors, which really don't  
touch the JVM at all.

/Janne
