Wooo hold on here, what you just described sounds a bit like a buffer overflow type of exploit, a bit of overkill I think.
Moreover, the use case shows a component type coming directly from the request URI, which is a giant door open to "component injection" by providing a value for the type that is not in the expected values and executes arbitrary code on the server.
Granted, if I can 1) upload my component, 2) reload/restart the servlet container, 3) get my component's initialize() to run, then I'm in business. But how feasible is this? Worst case would be if the user configured file uploads to go to web-inf/lib or web-inf/classes, but then you're in trouble anyway because I'll upload my custom servlet class that overwrites the cocoon servlet.
Understanding your concerns, but needing a higher than extremely unlikely and isolated use case,
Jorg
