You are viewing a plain text version of this content. The canonical link for it is here.
Posted to soap-user@xml.apache.org by Wouter Cloetens <wo...@mind.be> on 2001/02/01 17:48:05 UTC
Re: Mime (Attachments) support in V2.1
sudhir@citadon.com wrote:
> What is the status of this? Can we use this feature safely in "soon
> releasing" V2.1?
You sure can.
> Wouter, there is a comment in MimeTest.java about some major Security Hole.
> Is this still true? Is this security hole specific to this example? If
> not, what are the plans for fixing it? Also, could you please create a
> README file in this directory (samples/mime) in line with other samples?
Well, the "getFile" example method takes a pathname as a parameter and
returns the corresponding file from the server's filesystem. That's
obviously dangerous, but it is an extremely useful sample. I had no
intent of fixing it. You just shouldn't deploy it except on a test
server...
bfn, Wouter