[OWASP-ESAPI] [Esapi-dev] New Blog Post - Why the InvokerServlet is Evil
jim.manico at owasp.org
Thu Dec 10 23:11:43 EST 2009
> Does anything ever die anymore?
Old programmers never die. They just decompile.
Old programmers never die. They just lose their memory.
Old programmers never die. They just byte it.
Old programmers never die. They just get bugged with life.
Old programmers never die. They just go to bits.
Old programmers never die. They just branch to a new address.
Old programmers never die. They just can't C as well.
Old programming wizards never die, they just recurse.
Old C programmers never die. They are just cast into void*.
Old Java programmers never die. They are garbage collected.
Old programmers never die. They just terminate and stay resident.
Old programmers never die. They need to write the same exact software
package over and over every few years with the latest technology.
> Nice post. I first exploited the invoker back in 2001 or so. I can't
> believe it's still in there. Does anything ever die anymore?
> *From:* owasp-esapi-bounces at lists.owasp.org
> [mailto:owasp-esapi-bounces at lists.owasp.org] *On Behalf Of* Chris Schmidt
> *Sent:* Thursday, December 10, 2009 3:40 PM
> *To:* ESAPI-Developers; owasp-esapi
> *Subject:* [OWASP-ESAPI] New Blog Post - Why the InvokerServlet is Evil
> I posted a new blog entry today on why the Tomcat InvokerServlet is
> evil, if you are interested check it out and pass it on. I noted at
> the end of the post that I am looking into adding a
> SecureInvokerServlet in ESAPI that provides the same functionality as
> the InvokerServlet with all the security controls that such a servlet
> should be performing built in.
> -- Chris
> OWASP ESAPI Developer
> Check out OWASP ESAPI for Java
- Jim Manico
OWASP ESAPI Project Manager
OWASP Podcast Host/Producer