From: catmat
Subject: Re: [Gnumed-devel] Time for a major re-think in 2005 - opinions please.
Date: Sun, 09 Jan 2005 10:22:04 +1100
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041231

Carlos Moro wrote:

> Hi all,
>
> catmat wrote:
>
>> it's more productive to produce many different prototypes: it can't do any harm: for instance the web client can serve lots of functions - e.g. how to use gnumed schema to learn struts as well as the workings of a fine evolved schema (that might get more java developers to contribute, although it hasn't :( )
>
> I'm wishing to try the web client and also make it easier for anyone to try it... (hope also it would attract any hungry java developers ;) ) What if we set it up in a new server?
>
> Best regards,
> carlos

That would be nice to see; it's not been maintained for a while though. Can you set it up to minimize the chance of getting root access via the web server? I was only relying on blind faith that Java Tomcat, servlets, JSP are secure (I didn't do anything to prevent cross-site exploits, nor did I validate that entries escaped anything resembling HTML, JavaScript. I assumed JSP doesn't behave like PHP, e.g. no input is run as arguments to a command line, but there are parts like <?=object.getValue() > so maybe it's possible to insert HTML like hrefs to bad sites). Sorry, a little fuzzy about the exact mechanics of web exploits.