You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-commits@axis.apache.org by ve...@apache.org on 2017/01/25 23:20:38 UTC

svn commit: r1780290 - /axis/axis2/java/core/trunk/src/site/xdoc/docs/soapmonitor-module.xml.vm

Author: veithen
Date: Wed Jan 25 23:20:37 2017
New Revision: 1780290

URL: http://svn.apache.org/viewvc?rev=1780290&view=rev
Log:
Add a more prominent warning about security issues with SOAP monitor.

Modified:
    axis/axis2/java/core/trunk/src/site/xdoc/docs/soapmonitor-module.xml.vm

Modified: axis/axis2/java/core/trunk/src/site/xdoc/docs/soapmonitor-module.xml.vm
URL: http://svn.apache.org/viewvc/axis/axis2/java/core/trunk/src/site/xdoc/docs/soapmonitor-module.xml.vm?rev=1780290&r1=1780289&r2=1780290&view=diff
==============================================================================
--- axis/axis2/java/core/trunk/src/site/xdoc/docs/soapmonitor-module.xml.vm (original)
+++ axis/axis2/java/core/trunk/src/site/xdoc/docs/soapmonitor-module.xml.vm Wed Jan 25 23:20:37 2017
@@ -28,6 +28,11 @@
 <body>
 <h1>Using the SOAP Monitor</h1>
 
+<p><b>Warning: the SOAP Monitor uses a protocol based on Java serialization
+and is therefore vulnerable to attacks. It should be used exclusively as a
+development and debugging tool, but never be permanently enabled on production
+systems.</b></p>
+
 <p>Web service developers often want to see the SOAP messages that are being
 used to invoke the Web services, along with the results of those messages.
 The goal of the SOAP Monitor utility is to provide a way for the developers