org/dwr/getstarted.
This step has the potential to affect the security of the application, as the
configuration specified by the DWR web site enables debugging mode by
default. Ensure that once testing is complete, debug mode is disabled.
4. Write a dwr.xml configuration file, which should be placed in the WEB-INF
directory. This step also has the potential to affect the security of the application,
because this file will define which classes DWR will generate into JavaScript that is
sent to the client.
5. Finally, the DWR-generated JavaScript files are added to the HTML files of the
web application to incorporate the newly created DWR functionality.
Unintended Method Exposure
Popularity: 4
Simplicity: 6
Impact: 3
Risk Rating: 4
Unintended method exposure can be an issue for developers using DWR. As
discussed in the upcoming Case Study on exposures, web application developers may
have previously relied on the fact that users of their web application would be aware of
only methods about which they were explicitly informed. With Web 2.0 applications,
however, the line of what functionality gets exposed to users has often shifted. This is
partially the case with DWR applications.
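The two security-relevant setup steps above (the debug setting and the dwr.xml class definitions) can be checked before deployment. The following script is an added example, not code from the book or from the DWR project; the sample configurations and the com.example class names are constructed, and it assumes DWR's standard `debug` init-param and its `<create>`/`<include method="..."/>` elements, where a `<create>` with no `<include>` entries does not restrict methods to an allow-list.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (not from the book); class names are hypothetical.
WEB_XML = """<web-app><servlet>
  <servlet-name>dwr-invoker</servlet-name>
  <servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>
  <init-param><param-name>debug</param-name><param-value>true</param-value></init-param>
</servlet></web-app>"""
DWR_XML = """<dwr><allow>
  <create creator="new" javascript="Account">
    <param name="class" value="com.example.AccountService"/>
  </create>
  <create creator="new" javascript="Quote">
    <param name="class" value="com.example.QuoteService"/>
    <include method="getQuote"/>
  </create>
</allow></dwr>"""

def local(el):
    """Tag name without any XML namespace prefix (web.xml is usually namespaced)."""
    return el.tag.rsplit("}", 1)[-1]

def kids(el, name):
    """Direct children of el with the given local tag name."""
    return [c for c in el if local(c) == name]

def text_of(el, name):
    return "".join(c.text or "" for c in kids(el, name)).strip()

def audit_web_xml(xml_text):
    """Report DWR servlets whose 'debug' init-param is still true."""
    findings = []
    for servlet in (e for e in ET.fromstring(xml_text).iter() if local(e) == "servlet"):
        if not text_of(servlet, "servlet-class").lower().endswith("dwrservlet"):
            continue
        for param in kids(servlet, "init-param"):
            if (text_of(param, "param-name") == "debug"
                    and text_of(param, "param-value").lower() == "true"):
                findings.append(f"{text_of(servlet, 'servlet-name')}: debug enabled")
    return findings

def audit_dwr_xml(xml_text):
    """Report <create> entries with no <include method=...> allow-list."""
    findings = []
    for create in (e for e in ET.fromstring(xml_text).iter() if local(e) == "create"):
        cls = next((p.get("value") for p in kids(create, "param")
                    if p.get("name") == "class"), "?")
        if not kids(create, "include"):
            findings.append(f"{create.get('javascript')} ({cls}): no include list")
    return findings

if __name__ == "__main__":
    for finding in audit_web_xml(WEB_XML) + audit_dwr_xml(DWR_XML):
        print("FINDING:", finding)
```

Run against the real WEB-INF/web.xml and WEB-INF/dwr.xml as a build or release gate, failing the build when either function returns findings.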