Return-Path: 
 <users-return-219637-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org>
Delivered-To: apmail-tomcat-users-archive@www.apache.org
Received: (qmail 78620 invoked from network); 1 Dec 2010 23:10:32 -0000
Received: from unknown (HELO mail.apache.org) (140.211.11.3)
  by 140.211.11.9 with SMTP; 1 Dec 2010 23:10:32 -0000
Received: (qmail 71292 invoked by uid 500); 1 Dec 2010 23:10:29 -0000
Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org
Received: (qmail 71117 invoked by uid 500); 1 Dec 2010 23:10:28 -0000
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@tomcat.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@tomcat.apache.org>
List-Post: <mailto:users@tomcat.apache.org>
List-Id: <users.tomcat.apache.org>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Delivered-To: mailing list users@tomcat.apache.org
Received: (qmail 71108 invoked by uid 99); 1 Dec 2010 23:10:28 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 01 Dec 2010 23:10:28 +0000
X-ASF-Spam-Status: No, hits=1.5 required=10.0
	tests=FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of jona.aguirre@gmail.com
 designates 209.85.213.45 as permitted sender)
Received: from [209.85.213.45] (HELO mail-yw0-f45.google.com) (209.85.213.45)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 01 Dec 2010 23:10:22 +0000
Received: by ywg4 with SMTP id 4so381882ywg.18
        for <users@tomcat.apache.org>; Wed, 01 Dec 2010 15:10:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:received:in-reply-to
         :references:date:message-id:subject:from:to:content-type;
        bh=AtBbW8y/krmR/FXqRZZqT8Zgd4uv4vsaCam6pNcQQCQ=;
        b=IYBZRmfYlrHV+B5KmAHnzFysbowI+2wdlNOvwsLjn5hayXfz5s909QWYbjgDQtsa9V
         aaRQNrvxOqyxPl3JxeTvcU716O2Z0a82cdDdHjiC8A9d7V/DX70b6X5Vg390UhlHsV9f
         x4rZM96p9xFAzTnTD4q57f6nWcvRDhBiwrep0=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        b=FLplDBGHcqK9Fr9n080TSd2BvQtwHEvP8+ZG4BZQ2TQ1sCgBX/dDLVZJlcD6eZ+cCs
         P9U+9q3yNdyhDBrPqiF3h7DMjB5D8ZDnbvZ8al6T3gAaK9mrqAChEvyof8hOpI2PHMiO
         XV5eRV678pr0aNhvUQV9mElA7TM26f2E+ZrYs=
MIME-Version: 1.0
Received: by 10.150.182.12 with SMTP id e12mr131592ybf.298.1291245001104; Wed,
 01 Dec 2010 15:10:01 -0800 (PST)
Received: by 10.151.106.16 with HTTP; Wed, 1 Dec 2010 15:10:01 -0800 (PST)
In-Reply-To: <4CF6956C.90506@christopherschultz.net>
References: <AANLkTi=WoPTAEtOx_H29syPS6FBYm1td67izote0LjE-@mail.gmail.com>
	<AANLkTikcbYaPMWTVzBVk9LjSxtJjVc6xXxP9JbTrpoY4@mail.gmail.com>
	<4CF64AAD.80404@apache.org>
	<AANLkTi=s5Qc4VGhxD84s3Qqs66WkD+OGqbGCT7Fxu67s@mail.gmail.com>
	<4CF6956C.90506@christopherschultz.net>
Date: Wed, 1 Dec 2010 20:10:01 -0300
Message-ID: <AANLkTi=yJLm9xbtSVzVJYCwKUe-amMU-Zaz8YbTh-mfV@mail.gmail.com>
Subject: Re: Fwd: Tomcat 7: Compatibility problems
From: Jonatan Aguirre Kobayashi <jona.aguirre@gmail.com>
To: Tomcat Users List <users@tomcat.apache.org>
Content-Type: multipart/alternative; boundary=000e0cd6adac9be60b04966167af
X-Virus-Checked: Checked by ClamAV on apache.org

--000e0cd6adac9be60b04966167af
Content-Type: text/plain; charset=ISO-8859-1

Christofer, i used the invoker to prototype applications more faster, if you
put your product to production the invoker has several security problems.

thanks for the answer!

2010/12/1 Christopher Schultz <chris@christopherschultz.net>

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jonatan,
>
> On 12/1/2010 8:35 AM, Jonatan Aguirre Kobayashi wrote:
> > Can i implement the Servlet Invoker using annotations?
>
> The invoker servlet is completely unnecessary and was only available in
> older versions of the spec for backward-compatibility.
>
> The invoker was an idea that should have never made it into the spec in
> the first place because it introduces security problems and violates the
> principle of least surprise.
>
> The invoker was only ever good for lazy web app designers.
>
> The invoker does /not/ need to be re-build for your project. Instead,
> properly map them in web.xml per the specification and rest assured that
> you are safer for having done so.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkz2lWwACgkQ9CaO5/Lv0PD+9gCbBq0l2u7zpXsvi36+fVVffoEl
> 8AcAn2kCV3LKSQ7oB2U4FWYFHSe3GdRy
> =82nS
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

--000e0cd6adac9be60b04966167af--