https://bugzilla.redhat.com/show_bug.cgi?id=1291292
Clebert Suconic <csuconic(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |csuconic(a)redhat.com
--- Comment #16 from Clebert Suconic <csuconic(a)redhat.com> ---
I don't think this is really an issue for Artemis or HornetQ
ObjectMessage is only a tool for the clients to generate and parse their User
objects.. they belong to the client, not to the server.
In Artemis everything is a byte Array. The thin JMS layer exists to bring an
utility to the client to generate and parse objects. they belong to the client.
We could maybe protect clients by adding restricted packages on the
classLoading. But we can't be over restrictive here as that would break a lot
of users using ObjectMessage.
Although MDBs run inside the server's VM at Wildfly. But I'm still not
convinced this is an issue, since the producer would need access to the queue
at producer's clearance.
--
You are receiving this mail because:
You are on the CC list for the bug.