axis-java-dev mailing list archives

From "Steve Loughran" <stev...@iseran.com>
Subject Re: [axis] ApacheServletBase : isProduction()
Date Mon, 19 Aug 2002 05:06:25 GMT

----- Original Message -----
From: <rsitze@us.ibm.com>
To: <axis-dev@xml.apache.org>
Sent: Friday, August 16, 2002 15:54
Subject: Re: [axis] ApacheServletBase : isProduction()


> The property is a fundamental problem to me.  I'd rather have the code
> 'be' production code, with plugin behaviour for anything else you want. In
> this case, I'd move the command-processing OUT of AdminServlet into a
> pluggable module, let AdminServlet 'get' that model (AxisProperties now
> has some handy methods for doing that).  Then we plug in whatever we want
> for our environment (production or otherwise).

Right. You should know that my 'production' build doesn't actually include
the admin servlet, cos it ain't in my web.xml. And I agree that the default
should be production ready.

But what do we need to do to harden Axis?

-remove all helpful 'here are the services' stuff
-return uninformative error codes
-not provide *any* stack traces on exceptions.


> Your command-module would be a good candidate for the proposed
> 'axis-dev.jar'.

I didn't propose a command module.


-Steve
>
> *******************************************
> Richard A. Sitze
> IBM WebSphere WebServices Development
>
> "Steve Loughran" <steve_l@iseran.com>
> 08/16/2002 01:26 AM
> Please respond to axis-dev
>
>         To:     <axis-dev@xml.apache.org>
>         cc:
>         Subject:        Re: [axis] ApacheServletBase : isProduction()
>
> ----- Original Message -----
> From: <rsitze@us.ibm.com>
> To: <axis-dev@xml.apache.org>
> Sent: Thursday, August 15, 2002 15:57
> Subject: [axis] ApacheServletBase : isProduction()
>
>
> > Can this be moved to AdminServlet?  It's the only place it's used... and
> > I'd rather not open the door for that all the way down in the servlet.
>
>
> Well, what I'd like is a single switch to tell everything to adopt a secure
> behavior. Such as not listing services, and anything else we do.
>
> How about move the property/load down, but leave the constant defined at the
> top so other servlets can use it when needed. Or we pull all such consts
> into a side class.
>
>
>
>
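
The three hardening points raised in the message above (no service listing, uninformative errors, no stack traces sent to the client), placed behind one switch that defaults to production. This is an added example, not code from the thread or from Axis; the class name `HardenedResponder`, the property name `example.production` and the sample service names are assumptions made for illustration.

```java
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.List;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

/** Hypothetical helper: one switch decides how much a servlet reveals to callers. */
public class HardenedResponder {
    private static final Logger LOG = Logger.getLogger(HardenedResponder.class.getName());
    private final boolean production;

    public HardenedResponder(boolean production) { this.production = production; }

    /** Service listing: helpful in development, withheld in production. */
    public String serviceList(List<String> serviceNames) {
        if (production) {
            return "Not available";   // no names, no hint of what is deployed
        }
        return "Deployed services: " + String.join(", ", serviceNames);
    }

    /** Text returned to the client; full detail always goes to the server log. */
    public String faultFor(Throwable t) {
        String incidentId = UUID.randomUUID().toString();
        LOG.log(Level.SEVERE, "incident " + incidentId, t);   // stack trace stays server-side
        if (production) {
            // Uninformative to the caller, but operators can find it by id.
            return "Server error (incident " + incidentId + ")";
        }
        StringWriter sw = new StringWriter();
        t.printStackTrace(new PrintWriter(sw, true));
        return sw.toString();
    }

    public static void main(String[] args) {
        // Secure by default: only an explicit "false" enables the verbose mode.
        boolean prod = !"false".equalsIgnoreCase(System.getProperty("example.production"));
        HardenedResponder r = new HardenedResponder(prod);
        // Constructed sample input.
        System.out.println(r.serviceList(List.of("OrderService", "QuoteService")));
        System.out.println(r.faultFor(new IllegalStateException("db login rejected for user axis")));
    }
}
```

Run with `-Dexample.production=false` to see the development output; with the property unset, the client-facing strings carry neither service names nor exception text.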

