David Potts <[EMAIL PROTECTED]> writes:

> Henry Reardon wrote:
>
> A baddly written serverlet is always a security risk, however its a dam
> site harder to write a serverlet that will allow open access to your web
> site like a badly written perl script.  For example
>
> Tricking a perl script in to executing meta characters.
> Chrashing an entire web server, etc.

I'm affraid this is nonsense. There are just as many of these sort of
issues with Java.


The issue is the process dispatch and the potential set-uid issues
involved in executing another process.


Nic

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html

Reply via email to