Re: Possible security hole in pd4ml
February 2, 2010 at 13:19
#27761
The issue is relevant only for scenarios where you allow users to author, freely edit and save HTML templates on the server side. We consider that a bad practice in general.
It makes it theoretically possible to address undesired resources (for example, images) on the server side. Of course, the addressing possibilities are limited by the permissions of the user account the application server runs under.
The most recent PD4ML betas implement a configuration parameter to limit the resource addressing scope.
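As an added example (not part of the original post and not PD4ML's own code or its configuration parameter), the following Java sketch shows one way an application could pre-check a user-edited template and reject resource references that resolve outside an allowed directory before conversion. The class name, the `/srv/app/templates` root and the policy of accepting only relative references are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class TemplateResourceScope {
    // Simplified attribute matcher; a production filter should use a real HTML parser.
    private static final Pattern REF = Pattern.compile(
        "(?i)\\b(?:src|href|background)\\s*=\\s*[\"']([^\"']*)[\"']");
    private final Path allowedRoot; // hypothetical root that resources must stay under

    public TemplateResourceScope(Path allowedRoot) {
        this.allowedRoot = allowedRoot.toAbsolutePath().normalize();
    }

    /** True only for relative references that stay under allowedRoot. */
    public boolean inScope(String ref) {
        try {
            URI uri = new URI(ref.trim());
            // Assumed policy: no absolute URLs (file:, http:, ...) and no //host forms.
            if (uri.getScheme() != null || uri.getRawAuthority() != null) return false;
            // getPath() is percent-decoded, so %2e%2e is handled like "..".
            // normalize() is lexical only: symlinks under the root are not followed here.
            Path resolved = allowedRoot.resolve(uri.getPath()).normalize();
            return resolved.startsWith(allowedRoot);
        } catch (URISyntaxException | RuntimeException e) {
            return false; // unparsable reference or invalid path: reject
        }
    }

    /** Returns every src/href/background value in the template that is out of scope. */
    public List<String> violations(String html) {
        List<String> bad = new ArrayList<>();
        Matcher m = REF.matcher(html);
        while (m.find()) if (!inScope(m.group(1))) bad.add(m.group(1));
        return bad;
    }

    public static void main(String[] args) {
        // Constructed sample template, for illustration only.
        String html = "<img src='img/logo.png'><img src=\"../../conf/app.properties\">"
                    + "<img src='file:///etc/hostname'><a href='#top'>top</a>";
        TemplateResourceScope scope = new TemplateResourceScope(Paths.get("/srv/app/templates"));
        System.out.println("Rejected references: " + scope.violations(html));
    }
}
```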