[OWASP-ESAPI] [Esapi-dev] New Blog Post - Why the InvokerServlet is Evil

Chris Schmidt chrisisbeef at gmail.com
Fri Dec 11 00:41:13 EST 2009


Wow! The Terminate and Stay Resident one got me. I haven't even heard the
term TSR for ages.... Very nice..

On Thu, Dec 10, 2009 at 9:11 PM, Jim Manico <jim.manico at owasp.org> wrote:

>  > Does anything ever die anymore?
>
> Old programmers never die. They just decompile.
> Old programmers never die. They just lose their memory.
> Old programmers never die. They just byte it.
> Old programmers never die. They just get bugged with life.
> Old programmers never die. They just go to bits.
> Old programmers never die. They just branch to a new address.
> Old programmers never die. They just can’t C as well
> Old programming wizards never die, they just recurse.
> Old C programmers never die. They are just cast into void*
> Old Java programmers never die. They are garbage collected.
> Old programmers never die. They just terminate and stay resident.
> Old programmers never die. They need to write the same exact software
> package over and over every few years with the latest technology.
>
> :)
>
>  Nice post.  I first exploited the invoker back in 2001 or so.  I can’t
> believe it’s still in there.  Does anything ever die anymore?
>
>
>
> --Jeff
>
>
>
>
>
> *From:* owasp-esapi-bounces at lists.owasp.org
> *On Behalf Of* Chris Schmidt
> *Sent:* Thursday, December 10, 2009 3:40 PM
> *To:* ESAPI-Developers; owasp-esapi
> *Subject:* [OWASP-ESAPI] New Blog Post - Why the InvokerServlet is Evil
>
>
>
> I posted a new blog entry today on why the Tomcat InvokerServlet is evil,
> if you are interested check it out and pass it on. I noted at the end of the
> post that I am looking into adding a SecureInvokerServlet in ESAPI that
> provides the same functionality as the InvokerServlet with all the security
> controls that such a servlet should be performing built in.
>
>
>
>
> http://yet-another-dev.blogspot.com/2009/12/this-post-is-especially-for-anyone.html
>
>
>
> --
> -- Chris
>
> OWASP ESAPI Developer
> http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
>
> Check out OWASP ESAPI for Java
> http://code.google.com/p/owasp-esapi-java/
>
> Coming soon OWASP ESAPI for JavaScript
> http://code.google.com/p/owasp-esapi-js/
>
>
> _______________________________________________
> Esapi-dev mailing list
> Esapi-dev at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-dev
>
>
>
> --
>
> - Jim Manico
> OWASP ESAPI Project Manager
> http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
>
>
> OWASP Podcast Host/Producer
> http://www.owasp.org/index.php/OWASP_Podcast
>
>