I thought I had an answer, but the more I delved into the code, the more I realized I should shut up. (I'd rather give no reply than a wrong reply.)

Now going back to read more code.

----
-Tim
I'm starting to hate snow (after shoveling over 2 feet with more coming)


Donald Ball wrote:
Tim Funk wrote:

A patch (which I didn't look at yet) could introduce the following:
- Bypassing security constraints, e.g. index.jsp is protected but / isn't
- Vulnerabilities - Through wacky optimizations, other pages might get accidentally exposed


Just curious... I assume the patch uses RequestDispatcher.forward to handle the request, right? But these checks should already be done by the RequestDispatcher, otherwise _anything_ that uses rd.forward could break security. So if we trust rd, what's the issue? If we don't, um, why _not_?

- donald

