forked from github/codeql
EjbContainerInterference.qhelp
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>
The Enterprise JavaBeans 3.0 core specification, Section 21.1.2, states:
</p>
<blockquote>
<p>
The enterprise bean must not attempt to create a class loader; obtain the current class loader;
set the context class loader; set security manager; create a new security manager; stop the
JVM; or change the input, output, and error streams.
</p>
<p>
These functions are reserved for the EJB container. Allowing the enterprise bean to use these functions
could compromise security and decrease the container's ability to properly manage the runtime environment.
</p>
</blockquote>
</overview>
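<example>
<p>
The Java sketch below is an added example, not part of the original query help or the CodeQL project: the stateless session bean <code>ReportBeanBad</code> performs each operation the quoted section reserves for the container, and <code>ReportBean</code> leaves them to the container by logging through <code>java.util.logging</code> and reporting failure with <code>EJBException</code>.
All class names, method names and the file name <code>report.log</code> are hypothetical, and the alternatives shown in <code>ReportBean</code> are an assumption about what a compliant bean would do rather than text from the specification.
</p>

```java
import java.io.FileNotFoundException;
import java.io.PrintStream;
import java.net.URL;
import java.net.URLClassLoader;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.ejb.EJBException;
import javax.ejb.Stateless;

// Hypothetical bean: every commented call is an operation reserved for the container.
@Stateless
class ReportBeanBad {
    public void generate(URL pluginJar) throws FileNotFoundException {
        // Changes the output stream for the whole JVM, not just this bean.
        System.setOut(new PrintStream("report.log"));
        // Obtains the current class loader, then creates a new one.
        ClassLoader parent = ReportBeanBad.class.getClassLoader();
        ClassLoader plugins = new URLClassLoader(new URL[] { pluginJar }, parent);
        // Sets the context class loader of a container-managed thread.
        Thread.currentThread().setContextClassLoader(plugins);
        // Sets the security manager (here: removes it).
        System.setSecurityManager(null);
        if (!render()) {
            // Stops the JVM, taking the container and every other bean with it.
            System.exit(1);
        }
    }

    private boolean render() { return false; }
}

// Hypothetical compliant counterpart: no JVM-wide state is touched.
@Stateless
class ReportBean {
    private static final Logger LOG = Logger.getLogger(ReportBean.class.getName());

    public void generate() {
        // Log through a logger instead of redirecting System.out.
        LOG.log(Level.INFO, "report started");
        if (!render()) {
            // A system exception lets the container roll back and discard the instance.
            throw new EJBException("report rendering failed");
        }
    }

    private boolean render() { return false; }
}
```
</example>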
<references>
<li>
<a href="http://jcp.org/aboutJava/communityprocess/final/jsr220/index.html">
JSR-220 Enterprise JavaBeans 3.0 Final Release</a> (ejbcore),
Section 21.1.2 Programming Restrictions
</li>
</references>
</qhelp>