3 Replies Latest reply on Oct 20, 2008 5:52 AM by Shane Bryzak

    Is Seam.Remoting.eval() secure?

    Drew Kutchar Newbie

      Can't a malicious user import the seam/remoting/resource/remote.js and use Seam.Remoting.eval() to bypass @WebRemote restrictions and call any arbitrary method? This can be a very serious security hole, even if Seam Remoting is not enabled (by marking any components using @WebRemote). I wonder how many Seam based sites are vulnerable to this sort of attack??