velocity-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ChadDavis <chadmichaelda...@gmail.com>
Subject read only mode?
Date Fri, 27 Feb 2009 16:57:37 GMT
I'm building a system where users can customize their site's look and
feel by uploading templates that will override the built-in templates.
 I'm trying to explore the security aspects of this right now.  It
seems that the method invocation stuff, property setting, and anything
else that could cause state change on my back end is a threat.  I
would appreciate advise on enumerating the dangerous aspects of the
template language, and then ideas on how to block that stuff.

Is there a way to turn off features of the language?

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@velocity.apache.org
For additional commands, e-mail: user-help@velocity.apache.org


Mime
View raw message