Tomahawk doesn't work without internet connection. Security issue.
------------------------------------------------------------------
Key: TOMAHAWK-545
URL: http://issues.apache.org/jira/browse/TOMAHAWK-545
Project: MyFaces Tomahawk
Issue Type: Bug
Affects Versions: 1.1.3
Reporter: Gabriele Contini
Tomahawk library references an external dtd in META-INF/faces-config.xml
<!DOCTYPE faces-config PUBLIC
"-//Sun Microsystems, Inc.//DTD JavaServer Faces Config 1.1//EN"
"http://java.sun.com/dtd/web-facesconfig_1_1.dtd";>
If there is no network connection (for instance a site deployed on an intranet)
it's necessary to modify the tomahawk installation in order to remove those
dependencies.
What if the site java.sun.com becomes unavailable, for instance a DOS
attack?... all the JSF/Tomahawk applications would stop working immediatly. I
think this is a major security issue.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
