J2EE Misconfiguration: Unsafe Bean Declaration
Revision as of 12:23, 21 July 2006
This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.
Entity beans should not be declared remote.
Entity beans that expose a remote interface become part of an application's attack surface. For performance reasons, an application should rarely use remote entity beans, so there is a good chance that a remote entity bean declaration is an error.
<ejb-jar>
  <enterprise-beans>
    <entity>
      <ejb-name>EmployeeRecord</ejb-name>
      <home>com.wombat.empl.EmployeeRecordHome</home>
      <remote>com.wombat.empl.EmployeeRecord</remote>
      ...
    </entity>
    ...
  </enterprise-beans>
</ejb-jar>