Hi

Nothing stops you from creating your own if it is disabled - A scenario
like yours is by any means unsecure.

Hermod

-----Original Message-----
From: Bernhard Slominski [mailto:[EMAIL PROTECTED]
Sent: 29 November 2006 14:41
To: [email protected]
Subject: Security in Remoting: ClassResourceProcessor

Hi,

I think the current implementation of the ClassResourceProcessor is a
security issue.
The ClassResourceProcessor exposes all files in the classpath and it's
enabled by default.
If you have e.g. your database passwords in properties files you just have
to know the name and path to the file and you can read the content of the
file.
So I think it should at least be disabled by default.

Bernhard 
