From: Dmitriy S. <sha...@gm...> - 2010-03-24 18:55:19

Hey,

On Wed, 2010-03-24 at 19:46 +0100, Dannes Wessels wrote:
> On Wed, Mar 24, 2010 at 7:23 PM, Dmitriy Shabanov <sha...@gm...> wrote:
> > Do we speak about LibFunction? I don't see any security issue there, or
> > I'm missing something?
> >
> > Any scenario?
>
> The issue is fundamental. A jar library is specified by a query,
> that can live anywhere, even outside the db. Basically all jar files
> can be specified, including those which you might not want to expose,
> e.g. private libraries.

ok, for now it is hard-coded to

    private final static String LIB_WEBINF = "WEB-INF/lib/";
    private final static String[] LIB = {"./lib/core", "./lib/optional", "./lib/extensions", "./lib/user", "."};

so, the simplest solution: hard-code a jar mask too, like log4j-%latest%.jar
(src/org/exist/start/start.config can be used/reused)

Will it solve this problem?

--
Cheers,

Dmitriy Shabanov
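The check the thread is circling around, written out as an added example that is not eXist-db's own code: a resolver that accepts only a bare jar file name, looks for it in the fixed library directories from the mail (with "." left out, since that would make the whole working directory loadable), and refuses anything whose real path lands outside those directories, so a symlink or traversal cannot reach a private jar. The `%latest%` handling is an assumption about what the proposed mask means (pick the highest numeric version present); the class name `JarAllowlist` and the temp-directory layout in `main` are constructed for the demonstration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Stream;

public class JarAllowlist {

    // Search roots taken from the mail; "." is left out because it would make
    // the whole working directory loadable.
    private static final String[] LIB_DIRS = {"lib/core", "lib/optional", "lib/extensions", "lib/user"};

    // A bare file name only: no separators, no "..", must end in .jar.
    private static final Pattern JAR_NAME = Pattern.compile("[A-Za-z0-9][A-Za-z0-9._-]*\\.jar");
    private static final String LATEST = "%latest%"; // assumed mask token, as proposed in the mail

    private final Path base;

    public JarAllowlist(Path base) throws IOException {
        this.base = base.toRealPath();
    }

    /** Resolve an exact jar name inside the allowed directories, or throw. */
    public Path resolve(String requested) throws IOException {
        if (!JAR_NAME.matcher(requested).matches()) {
            throw new SecurityException("illegal jar name: " + requested);
        }
        for (String dir : LIB_DIRS) {
            Path root = base.resolve(dir);
            if (!Files.isDirectory(root)) continue;
            Path candidate = root.resolve(requested);
            if (Files.isRegularFile(candidate)) return contained(root.toRealPath(), candidate);
        }
        throw new SecurityException("jar not found in allowed directories: " + requested);
    }

    /** Resolve a mask such as "log4j-%latest%.jar" to the highest version present (assumed semantics). */
    public Path resolveMask(String mask) throws IOException {
        int at = mask.indexOf(LATEST);
        if (at < 0) return resolve(mask);
        Pattern p = Pattern.compile(Pattern.quote(mask.substring(0, at))
                + "(\\d+(?:\\.\\d+)*)" + Pattern.quote(mask.substring(at + LATEST.length())));
        Path best = null;
        int[] bestVer = null;
        for (String dir : LIB_DIRS) {
            Path root = base.resolve(dir);
            if (!Files.isDirectory(root)) continue;
            Path rootReal = root.toRealPath();
            try (Stream<Path> files = Files.list(root)) {
                for (Path f : (Iterable<Path>) files::iterator) {
                    Matcher m = p.matcher(f.getFileName().toString());
                    if (!m.matches() || !Files.isRegularFile(f)) continue;
                    int[] ver = parseVersion(m.group(1));
                    if (bestVer == null || compareVersions(ver, bestVer) > 0) {
                        best = contained(rootReal, f);
                        bestVer = ver;
                    }
                }
            }
        }
        if (best == null) throw new SecurityException("no jar matches mask: " + mask);
        return best;
    }

    // Follow symlinks and make sure the real file still lies under the library root.
    private static Path contained(Path rootReal, Path candidate) throws IOException {
        Path real = candidate.toRealPath();
        if (!real.startsWith(rootReal)) {
            throw new SecurityException("jar resolves outside library directory: " + candidate);
        }
        return real;
    }

    private static int[] parseVersion(String s) {
        String[] parts = s.split("\\.");
        int[] v = new int[parts.length];
        for (int i = 0; i < parts.length; i++) v[i] = Integer.parseInt(parts[i]);
        return v;
    }

    private static int compareVersions(int[] a, int[] b) {
        for (int i = 0; i < Math.max(a.length, b.length); i++) {
            int x = i < a.length ? a[i] : 0, y = i < b.length ? b[i] : 0;
            if (x != y) return Integer.compare(x, y);
        }
        return 0;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout for the demonstration: two log4j versions under lib/user.
        Path base = Files.createTempDirectory("exist-demo");
        Path user = Files.createDirectories(base.resolve("lib/user"));
        Files.createFile(user.resolve("log4j-1.2.15.jar"));
        Files.createFile(user.resolve("log4j-1.2.16.jar"));

        JarAllowlist allow = new JarAllowlist(base);
        System.out.println("resolved: " + allow.resolveMask("log4j-%latest%.jar"));
        for (String bad : new String[] {"../../secret.jar", "/tmp/other.jar", "log4j-1.2.15.jar.txt"}) {
            try {
                allow.resolve(bad);
            } catch (SecurityException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The two checks do different jobs: the name pattern stops the request from naming a path at all, and `contained` (real-path containment after symlink resolution) stops a file that sits inside an allowed directory from pointing elsewhere. A mask lookup lists only the fixed directories and never interprets the mask as a path, so the query author chooses among the jars the server already ships, not among jars on the host.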