Google Git
Sign in
gwt / gwt / 444169cb04565e22ce5ee9b8cc9b73bdd509d768
commit444169cb04565e22ce5ee9b8cc9b73bdd509d768[log] [tgz]
authorgwt.team.scottb <gwt.team.scottb@8db76d5a-ed1c-0410-87a9-c151d255dfc7>Mon Aug 13 18:30:53 2007 +0000
committergwt.team.scottb <gwt.team.scottb@8db76d5a-ed1c-0410-87a9-c151d255dfc7>Mon Aug 13 18:30:53 2007 +0000
treed7302b825aa99e0c07844eb47c74e7e74a3c6201
parent27104189ba49f68ee0bd8879e1e430ec277d6a2d [diff]
Fixes issue #1297 by implementing a whitelist approach to types the server may serialize.  The whitelist is generated by the compile process and must be included on the server.  RemoteServiceServlet will attempt to load this file through ServletContext.getResource().  A failure to load the whilelist will result in 1.3.3 compatible behavior where java.io.Serializable is not considered a valid marker interface.  This is to prevent a malicious client from causing a server to instantiable artibtrary types extending java.io.Serializable.

Patch by: mmendez, me
Review by: me, mmendez


git-svn-id: https://google-web-toolkit.googlecode.com/svn/trunk@1302 8db76d5a-ed1c-0410-87a9-c151d255dfc7
44 files changed
tree: d7302b825aa99e0c07844eb47c74e7e74a3c6201
  1. build-tools/
  2. dev/
  3. distro-source/
  4. doc/
  5. eclipse/
  6. jni/
  7. samples/
  8. servlet/
  9. tools/
  10. user/
  11. build.xml
  12. common.ant.xml
  13. platforms.ant.xml