<ww:property value="[EMAIL PROTECTED]@currentTimeMillis()}"/> works for me, so I think a remote execution is definitely possible. (Something like Runtime.exec would probably cause a lot of problems)
Do we need to filter certain classes/methods? I'm not sure how else we would solve this--this could allow someone to do some nasty stuff. Tom On 7/5/07, Bob Lee <[EMAIL PROTECTED]> wrote:
On 7/5/07, Ing. Andrea Vettori <[EMAIL PROTECTED]> wrote: > > The DoS is because you can trigger an infinite loop. My point is, can you execute arbitrary code on the server? If so, a DoS is the least of your worries. Bob
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
