ws-users mailing list archives

From Adam Taft <>
Subject RE: XML-RPC security question and Apache implementation
Date Wed, 03 May 2006 17:06:15 GMT

The original Apache code came from the Helma source code, you are right.  
The young versions of the code (version 1.x) are very similar to the Helma 
source code.

I use the 1.2b (?) version of the software (i.e. a version based on the 
Helma source code).  The problem you suggest has been fixed.  I just read 
the code that fixes the problem.  Download the source code and read it 
yourself.  Look in the Invoker class.

Nonetheless, the later versions of the code (version 2.x and 3.x) are 
pretty much rewrites from the original code.  That is, there's very little 
if any source code the same between the 1.x and the 2.x+ branches.  Again, 
download the code and check for yourself.  So, Georg's reply to you was 

Why are you fanning flames?  It seems like you're trying to pick a fight?

1)  The original code, based on Helma, has the fix in place that you 

2)  Later versions of Apache's XmlRpc code are not based on the Helma 

I'm not seeing an issue here.  Remember, this is open source software.  If 
you have a question or problem with the source code, you're probably best 
to answer these questions yourself by examining the very source code in 


On Tue, 2 May 2006 wrote:

> Really? That is strange because when you go to
> which is the old site of the helma
> release it points you to the Apache site because Apache adopted the Helma
> code.
> So why is the software I point to totally different? Is it not the software
> that Apache adopted (and modified later)?
> -Don 
> -----Original Message-----
> From: Georg Sauer-Limbach [] 
> Sent: Tuesday, May 02, 2006 5:38 PM
> To:
> Subject: Re: XML-RPC security question and Apache implementation
> wrote:
> > So I was just wondering
> > if the Apache implementation patched this problem.
> > 
> >
> This software you are pointing to is totally different from
> Apache's XML-RPC implementation. The bugs and security holes
> were in that other software, not in Apache XML-RPC.
> Georg
