This content has been marked as final.
Show 2 replies
-
1. Re: Is this a security flaw?
mcscottmc Feb 13, 2004 2:32 PM (in response to unngh)unngh:
I pointed this out in this thread:
http://www.jboss.org/index.html?module=bb&op=viewtopic&t=45444
I give a work-around for protecting modules, but I think your themes are going to be wide open. It makes sense that you can fetch the resources via URL (how else would your browser get your graphics), but the Nukes guys could probably add some configuration attributes to the ResourceServlet to prevent/allow certain url patterns and not others.
-Scott -
2. Re: Is this a security flaw?
julien1 Feb 13, 2004 3:06 PM (in response to unngh)yes that should be done, maybe another packaging similar to servlets