https://issues.apache.org/bugzilla/show_bug.cgi?id=44918
--- Comment #3 from sean.mul...@sun.com 2009-06-22 11:58:35 PST --- This patch contains a potential security hole which can allow untrusted code (ex: an unsigned applet) to replace the xml security configuration which could be part of a trusted installation. You can already specify a custom configuration by setting a system property and this is more secure since your code needs to have permission to set that property. To the submitter: have you tried specifying your custom config with the org.apache.xml.security.resource.config property? -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
