Info: In case you're not clear about the binding exploit


Marc Palmer
Hi,

In case you're not on twitter, I wrote a short piece explaining in some more depth the announced binding exploit - in case you are unsure whether or not you need to be concerned about your app:

http://www.anyware.co.uk/2005/2012/03/29/inside-the-grails-dependency-injection-binding-vulnerability/

This is very important because there is scope for users to corrupt your singleton beans or change "simple type" values of your singletons. Grails has all the tools you need to prevent this, but you definitely need to assess your app's exposure to it.

Cheers

~ ~ ~
Marc Palmer
Freelancer (Grails/Groovy/Java/UX)

I offer commercial support for Grails plugins from as low as $50/mo.
For details see: http://grailsrocks.com

Blog: http://www.anyware.co.uk | Resumé: http://www.anyware.co.uk/marc
Contributor @ http://grails.org |  Founder @ http://noticelocal.com
Developer @ http://weceem.org | Member @ http://spottymushroom.com
Twitter: http://twitter.com/wangjammer5 


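The following is an added illustration of the class of problem the post describes; it is not code from Marc Palmer's post, from the linked article, or from Grails itself. It assumes a hypothetical app with a singleton `PricingService` bean holding a "simple type" value, an `Order` domain class into which that bean is injected, and the common pattern of binding the whole request parameter map with `new Order(params)`. The parameter name `pricingService.discountRate` is an assumed example of a nested path that, in an affected version, could reach the injected singleton rather than the `Order` instance being built. The hardened variant uses the controller `bindData` method with an include list, which is the kind of tool the post refers to.

```groovy
// Added example, not from the original post or from Grails.
// Hypothetical application classes; names are assumptions.

class PricingService {
    // Singleton bean shared by every request. A "simple type" value
    // like this is what the post warns can be changed by a user.
    BigDecimal discountRate = 0.10
}

class Order {
    // Grails injects the singleton PricingService bean into this field.
    def pricingService

    String customer
    BigDecimal total

    static constraints = {
        customer blank: false
        total min: 0.0
    }
}

class OrderController {

    // VULNERABLE pattern (in affected Grails versions): binding the
    // entire params map walks nested property paths, so a request
    // carrying an assumed parameter such as
    //     pricingService.discountRate=1.0
    // is not confined to this Order; it could write through the
    // injected reference into the shared singleton, changing the
    // discount applied to every subsequent request.
    def save() {
        def order = new Order(params)
        if (!order.save()) {
            render view: 'create', model: [order: order]
            return
        }
        redirect action: 'show', id: order.id
    }

    // HARDENED pattern: bind only the properties this action expects.
    // Anything not in the include list (including any nested path into
    // pricingService) is ignored, so the singleton cannot be reached
    // through request input.
    def saveSafe() {
        def order = new Order()
        bindData(order, params, [include: ['customer', 'total']])
        if (!order.save()) {
            render view: 'create', model: [order: order]
            return
        }
        redirect action: 'show', id: order.id
    }
}
```

When reviewing an app for exposure, look for every place where a request-supplied map is bound wholesale (`new Domain(params)`, `domain.properties = params`, `bindData(obj, params)` with no include or exclude list) into an object that holds an injected bean, and switch those sites to an explicit include list or a command object that declares only the fields the action should accept.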