tomcat-dev mailing list archives

From Mladen Turk <mt...@apache.org>
Subject Re: Security Assurance
Date Tue, 10 Jan 2006 15:57:07 GMT
Marsh David W Maj AFIT/ENG wrote:
> Tomcat Developers,
> 
> While I understand that the libraries and extensions used by Tomcat
> *should* provide that assurance, what would happen if someone
> inadvertently wrote some code that could create a new object with rights
> never intended by developers?

What I would consider useful is a 'compile time note'
that the code might be insecure, but trying to forbid
any code during execution time beyond existing
execution security level is both out of spec as well as
completely useless.

So, if you find a way to introspect the possible
harmful user written code during compilation time,
only then it would make some sense.

Regards,
Mladen.

