[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Wrapping Scripted Media in RSS: Secure?
Bullard, Claude L (Len) wrote: > I don't get the question, Sterling. That post was > about the inherent insecurities of script languages > inside content. RSS is not an exception. But isn't this more about server admins than possible problems with script in content? How can their be problems if the script cannot be executed? If the script can be executed, then it is up to the server admin to lock down access to critical areas. For example, I allow Velocity code, written by /untrusted/ users, to be executed on one of my servers. But java has a security manager that allows you to limit what the org.apache.velocity.runtime.parser.node package can do (i.e. grabbing a classloader and then having access to anything - System.exec...). How would I be vulnerable if there is nothing to process perl, JSP or what-have-you? The problem is not with 'inherent insecurities of script languages inside content', it is with whoever maintains the server system. In other words, I think you are looking at the wrong culprit. best, -Rob
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|