The servlet container usually have default security policies defined, which can easily be changed. Eg for tomcat, look at conf/catalina.policy. Am not sure what facilities ogsi containers provide in this area though?
2009/4/22 Jukka Zitting <jukka.zitt...@gmail.com> > Hi, > > I was thinking about the implications of giving a user write access to > a subtree of the repository. With that access the user could now > upload a new script and create a node that invokes that script when > rendered. > > What if the script contains something like System.exit(1)? Or > something even more malicious? > > Do we have mechanisms for preventing attack scenarios like that? > > BR, > > Jukka Zitting > -- -Tor