The set of classes to provide the info does implement the proper security, but I can't see anything restricting the (non-privileged) author of the style sheet from maliciously calling other classes' methods, for example sql or File, in whatever way they want; this appears to be why the FEATURE_SECURE_PROCESSING flag was created to turn off function extensions. The server which would be processing the transformations has full access to the information (not to mention file systems etc), but is firewalled and securely presents information to web-based clients. XSL looks like a great way to let clients build xhtml-formatted reports using a limited set of functions I provide to access the information.
I suppose I could create a separate java "client" process specifically for this purpose and sandbox it into a safe place, but I think the effort/duplication/maintenance would be huge relative to what I'm trying to accomplish.

Dave Brosius-2 wrote:
>
>> So is there any way of limiting which java classes
>> can be accessed as extensions?
>
> I doubt it.
>
> I'm assuming you have a set of classes that provide all the secure
> information, however. If a user altered the style sheet, added their own
> extension functions, don't they still have to at some point then call
> your classes to get the secure information, and therefore, isn't that the
> point where you can enforce security. Perhaps, I'm still not grasping the
> entirety of your problem.
>

--
View this message in context: http://www.nabble.com/Usage-model---no-source-XML%2C-just-api-calls-tp22264025p22280776.html
Sent from the Xalan - J - Users mailing list archive at Nabble.com.