tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeanfrancois Arcand <jfarc...@apache.org>
Subject Re: session facade not used for event
Date Tue, 01 Jun 2004 21:53:40 GMT


Filip Hanik - Dev wrote:

>>>Facading is likely worthless for sessions,
>>>      
>>>
>
>you think so, you don't think session.setPrincipal is a security issue?
>  
>
Try it by turning the Security Manager on ;-)

-- Jeanfrancois

>Filip
>
>----- Original Message -----
>From: "Remy Maucherat" <remm@apache.org>
>To: "Tomcat Developers List" <tomcat-dev@jakarta.apache.org>
>Sent: Tuesday, June 01, 2004 3:02 PM
>Subject: Re: session facade not used for event
>
>
>  
>
>>Filip Hanik - Dev wrote:
>>    
>>
>>>Quick question, is there a reason the user code has access to the
>>>internal session instead of the session facade on session events?
>>>
>>>      
>>>
>>>>event = new HttpSessionBindingEvent(this,name,value); //inside
>>>>StandardSession
>>>>        
>>>>
>>>as opposed to this code, which would give the user a facade? event =
>>>new HttpSessionBindingEvent(new SessionFacade(this),name,value);
>>>      
>>>
>>Yes, but no.
>>Facading is likely worthless for sessions, as we're (fortunately) not
>>recycling them anymore. The session manager will prevent accessing any
>>of the extra methods (and even then, I'm not sure there's any public
>>methods worth exploiting).
>>
>>Rémy
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
>>    
>>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
>
>
>  
>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message