tomcat-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 9344] - Security risk at HttpSessionEvent Source
Date Thu, 23 May 2002 14:36:31 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9344>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9344

Security risk at HttpSessionEvent Source

remm@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID



------- Additional Comments From remm@apache.org  2002-05-23 14:36 -------
Actually, this is not a security risk, as the security manager will prevent 
access to anything which is specific to the o.a.catalina class (it will only 
allow access to the methods in the shared interface).
The facades prevent keeping pointers to the real objects if these can be used 
in another webapp, but in this case it's ok, as the servlet context and the 
sessions are associated with the webapp.

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>

