On 4/5/07, Bryan Pendleton <[EMAIL PROTECTED]> wrote:
Thanks for the comments, Myrna!
> I am also wondering if allowing remote servers to get started - and
> stopped - would pose a security risk. Unless the app server is started
> with security manager, I guess.
Do you think that allowing the hostname value to be set in the web.xml
makes the security risk worse?
Well, currently you can't use the servlet that way...I don't think it
matters much, but (and please correct me if I'm wrong) I don't think
there's much of any warning in or near the servlet re security issues.
> I admit, I always interpreted the servlet more in the line of a demo
> than a heavy-weight tool.
Yes, I agree. I take your meaning to be that, since NetServlet.java uses
public APIs of the NetworkServerControl class, anyone who wanted a more
capable and/or secure implementation could build their own servlet code,
using the NetServlet.java code as a starting point. Is that what you meant?
Yes, that's exactly what I meant.
Of course, interesting improvements would be welcomed...:-)
Myrna
