[OWASP-ESAPI] New Blog Post - Why the InvokerServlet is Evil

Chris Schmidt chrisisbeef at gmail.com
Thu Dec 10 15:40:27 EST 2009


I posted a new blog entry today on why the Tomcat InvokerServlet is evil, if
you are interested check it out and pass it on. I noted at the end of the
post that I am looking into adding a SecureInvokerServlet in ESAPI that
provides the same functionality as the InvokerServlet with all the security
controls that such a servlet should be performing built in.

http://yet-another-dev.blogspot.com/2009/12/this-post-is-especially-for-anyone.html
<http://yet-another-dev.blogspot.com/2009/12/this-post-is-especially-for-anyone.html>

-- 
-- Chris

OWASP ESAPI Developer
http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API

Check out OWASP ESAPI for Java
http://code.google.com/p/owasp-esapi-java/

Coming soon OWASP ESAPI for JavaScript
http://code.google.com/p/owasp-esapi-js/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-esapi/attachments/20091210/fcea8df2/attachment.html 


More information about the OWASP-ESAPI mailing list