Hi There,
While i was looking at a POST request on a sample application i observed
that the POST request is carrying the following piece of text in the body
java.lang.String/2004016611|N
Here, my question is, is GWT deserialization process is using this
representation to construct a String object like below?
java.lang.String("N")
If so are there any preventive measures implemented to
avoid instantiating arbitrary object being constructed to avoid any attacks
by a hacker? Now imagine the attacker
constructing a FileOutputStream("/etc/passwd") - depending on the user
the application server is running, this would create a huge security risk.
Your suggestions are very much appreciated.
Regards,
bala.
--
You received this message because you are subscribed to the Google Groups
"Google Web Toolkit" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
