Why is the invoker evil?
This is opinions of the writer (YMMV)
Quickie about the invoker: The invoker is a dynamic servlet which allows run-time loading of other servlets based on class name. This servlet is the one that allows
Evil because:
For another explanation of the invoker servlet, why it's evil, and what to do about it, see JavaRanch FAQ.
Quickie about the invoker: The invoker is a dynamic servlet which allows run-time loading of other servlets based on class name. This servlet is the one that allows
http://localhost/servlet/com.foo.MyClass?more=cowbell, where com.foo.MyClass is some class which can be loaded as a servlet but was never explicitly declared in a config file. Evil because:
- Security risk ... see links above
- Configuration hiding - There is NO way to determine which servlets are used vs which are not used. In web.xml, every servlet is declared and mapped. In that one file you instantly have a road map to how the webapp works.
- Back doors. Servlets which are mapped can be alternately called via the invoker by class name. Since the URL is different, all security constraints might be ignored since the URL pattern is VERY different.
- Back doors. Bad programmers make it easier to do bad things.
- Back doors. It may be common to use common 3rd party jars in a shared area. If that shared jar has servlets in them and that servlet has a hole in it, bad things happen.
- Configuration hiding - it's important enough to say twice. Explicit declaration while a PITA, will be more helpful in the maintenance scheme of your webapp.
For another explanation of the invoker servlet, why it's evil, and what to do about it, see JavaRanch FAQ.
No comments:
Post a Comment