5 Replies Latest reply on Nov 7, 2005 11:23 AM by Scott Stark

    Security hole needs plugging for 1.0.2 release

    Adrian Brock Master

      So I've fixed the MC to work correctly under a security manager.

      However, the current fix introduces a security hole in the callouts to bean operations:

      The issue is that the bean operations like construction, setters, start/stop, etc.
      are now invoked using the controller's access control context,
      meaning that anybody can now deploy an XML file to potentially do *BAD* things!

      I think the more correct semantic is to save the access control context
      of the code that created the ControllerContext (bean deployment) and switch to
      that to invoke bean callouts.
      That way, nobody can use a bean deployment to gain extra permissions.
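
The semantic proposed in the post above, as an added example that is not part of the original thread and is not JBoss Microcontainer code: the access control context is captured when the deployment is created and passed to the two-argument `AccessController.doPrivileged` for each callout. `DeploymentContext`, `callout`, `SampleBean` and `SavedContextDemo` are hypothetical names chosen for illustration.

```java
import java.lang.reflect.Method;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

// Hypothetical stand-in for the per-bean context held by the controller.
final class DeploymentContext {
    private final Object bean;
    // Snapshot of the deployer's permissions, taken on the deployer's call stack.
    private final AccessControlContext deployerAcc;

    DeploymentContext(Object bean) {
        this.bean = bean;
        this.deployerAcc = AccessController.getContext();
    }

    // Invoked later from controller code, whose own protection domain may be
    // far more privileged than the code that deployed the bean.
    Object callout(String methodName) throws Exception {
        final Method m = bean.getClass().getMethod(methodName);
        try {
            // With the two-argument form, permission checks made during the
            // callout must pass against deployerAcc as well as this class's
            // domain, so the callout never holds more than the deployer did.
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<Object>) () -> m.invoke(bean), deployerAcc);
        } catch (PrivilegedActionException e) {
            throw e.getException();
        }
    }
}

public class SavedContextDemo {
    // Constructed sample bean whose start() touches a permission-guarded resource.
    public static class SampleBean {
        public String start() { return System.getProperty("user.home"); }
    }

    public static void main(String[] args) throws Exception {
        DeploymentContext ctx = new DeploymentContext(new SampleBean()); // deployment
        System.out.println(ctx.callout("start"));                        // callout
    }
}
```

The restriction only has an effect when a security manager is installed; without one no permission checks are made and the callout simply runs. `AccessController` is deprecated for removal since Java 17, so this compiles with warnings on current JDKs.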