Author: veithen
Date: Wed Jan 25 23:20:37 2017
New Revision: 1780290
URL: http://svn.apache.org/viewvc?rev=1780290&view=rev
Log:
Add a more prominent warning about security issues with SOAP monitor.
Modified:
axis/axis2/java/core/trunk/src/site/xdoc/docs/soapmonitor-module.xml.vm
Modified:
axis/axis2/java/core/trunk/src/site/xdoc/docs/soapmonitor-module.xml.vm
URL:
http://svn.apache.org/viewvc/axis/axis2/java/core/trunk/src/site/xdoc/docs/soapmonitor-module.xml.vm?rev=1780290&r1=1780289&r2=1780290&view=diff
==============================================================================
--- axis/axis2/java/core/trunk/src/site/xdoc/docs/soapmonitor-module.xml.vm
(original)
+++ axis/axis2/java/core/trunk/src/site/xdoc/docs/soapmonitor-module.xml.vm Wed
Jan 25 23:20:37 2017
@@ -28,6 +28,11 @@
<body>
<h1>Using the SOAP Monitor</h1>
+<p><b>Warning: the SOAP Monitor uses a protocol based on Java serialization
+and is therefore vulnerable to attacks. It should be used exclusively as a
+development and debugging tool, but never be permanently enabled on production
+systems.</b></p>
+
<p>Web service developers often want to see the SOAP messages that are being
used to invoke the Web services, along with the results of those messages.
The goal of the SOAP Monitor utility is to provide a way for the developers
