Craig R. McClanahan wrote:
>This would be just as fertile a ground for viruses as the Microsoft Office
>macros that allowed Melissa and all of its clones. Removing the ability to
>list all the active sessions protects you from this, even in third party code.
Craig, would you consider it safe if the API returned only sessions created
by this webapp, and if the session object returned in this case only allowed
access to attributes of the session created by this webapp?
Geoff