I came across an article about JSP on lantimes.com.  I think it's an older
article but it mentions a security problem with beans that I've not heard of
before. I was wondering if this 'flaw' is indeed present and what can be
done to guard against it.  I am including a copy of the paragraph in
question here:

"Since a large percentage of JavaServer Pages applications are dependent on
the use of JavaBeans components, they can potentially contain security
flaws. To be specific, all methods defined within a particular JavaBean are
accessible to the general public, even if the JSP application itself does
not use them all. In other words, anyone with Web development knowledge
could write any number of small, subversive applications, which retrieve
sensitive information through these JavaBeans data access methods. There are
ways to prevent such unauthorized use of JavaBeans components, but
developers must take the time and effort necessary to implement these
security measures."

Full article by E. Shane Turner is at:
http://www.lantimes.com/ltparts/reviews/st68.htm

Thanks, Donald
