Support
Eng
òÕÓ
Company
Home
Services
Solutions
Documentation
News and Events
 
 
 
Knowledgebase
Downloads
Glossary
Ask a Question
Search:     Advanced search
SHALB.com / Security Knowledgebase / Web Application Security / Vulnerability / Environmental Vulnerability / J2EE Misconfiguration: Unsafe Bean Declaration
server monitoring

J2EE Misconfiguration: Unsafe Bean Declaration
Article ID: 145
Last updated: 08 May, 2008
Print
Email to friend
Views: 250
Posted: 08 May, 2008
by: Tech Pubs S.
Updated: 08 May, 2008
by: Tech Pubs S.

J2EE Misconfiguration: Unsafe Bean Declaration

Abstract

Entity beans should not be declared remote.

Description

Entity beans that expose a remote interface become part of an application's attack surface. For performance reasons, an application should rarely uses remote entity beans, so there is a good chance that a remote entity bean declaration is an error.

Examples 

	<ejb-jar>
		<enterprise-beans>
			<entity>
				<ejb-name>EmployeeRecord</ejb-name>
				<home>com.wombat.empl.EmployeeRecordHome</home>
				<remote>com.wombat.empl.EmployeeRecord</remote>
				...
			</entity>
			...
		</enterprise-beans>
	</ejb-jar>
This article was:   Helpful | Not Helpful
Prev   Next
J2EE Misconfiguration: Missing Error Handling     J2EE Misconfiguration: Insufficient Session-ID Length

server monitoring

¿ 2010 "SHALB.com" All rights reserved
SHALB Home
Services
Solutions
Documentation
News and Events