Julian Reschke created JCR-5135:
-----------------------------------
Summary: Make JDNI support opt-in
Key: JCR-5135
URL: https://issues.apache.org/jira/browse/JCR-5135
Project: Jackrabbit Content Repository
Issue Type: Task
Components: jackrabbit-jcr-commons
Reporter: Julian Reschke
Support for JNDI is inherently dangerous, because it can load classes from
another location. Users of the method might not be aware when using it and just
pass parameter values without
sanitization. It would probably also be good to add a warning to the method and
state that parameters should come from configuration and not passed in from an
end user.
(ack [~mreutegg] )
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
