
Difference between revisions of "EJB Bad Practices: Use of Sockets"

(Reverting to last version not containing links to s1.shard.jp)
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
{{template:CandidateForDeletion}}
 
{{template:CandidateForDeletion}}
  
Line 56: Line 23:
 
   "The EJB architecture allows an enterprise bean instance to be a network socket client, but it does not allow it to be  
 
   "The EJB architecture allows an enterprise bean instance to be a network socket client, but it does not allow it to be  
 
   a network server. Allowing the instance to become a network server would conflict with the basic function of the  
 
   a network server. Allowing the instance to become a network server would conflict with the basic function of the  
   enterprise bean – to serve the EJB clients."
+
   enterprise bean to serve the EJB clients."
  
 
==Risk Factors==
 
==Risk Factors==
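
Review bot: the line marked + at the end of this hunk reads "enterprise bean to serve the EJB clients." with no dash between "bean" and "to serve", while the line above it and the rendered revision further down both read "enterprise bean – to serve". This sentence is a verbatim quotation from the EJB specification, so the revert should not alter it; keep the dash, and check whether the character was lost to an encoding problem in the reverted revision.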

Latest revision as of 12:50, 3 June 2009

Template:CandidateForDeletion

#REDIRECT Failure to follow guideline/specification


Last revision (mm/dd/yy): 06/3/2009


Description

The program violates the Enterprise JavaBeans specification by listening on a socket or accepting connections on a socket. However, it can act as a network socket client.

The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container [1].

In this case, the program violates the following EJB guideline:

 "An enterprise bean must not attempt to listen on a socket, accept connections on a socket, or use a socket for multicast."

The specification justifies this requirement in the following way:

 "The EJB architecture allows an enterprise bean instance to be a network socket client, but it does not allow it to be 
 a network server. Allowing the instance to become a network server would conflict with the basic function of the 
 enterprise bean – to serve the EJB clients."
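
One way to check bean source against the guideline quoted above, as an added example that is not part of the original OWASP page: a heuristic Python scan that flags listening, accepting and multicast socket use in classes carrying EJB markers, and leaves outbound `Socket` clients alone. The regexes, function names and the two Java snippets are constructed for illustration.

```python
import re

# EJB component markers: EJB 3 annotations and EJB 2.x bean interfaces.
BEAN_MARKER = re.compile(
    r"@(Stateless|Stateful|Singleton|MessageDriven)\b"
    r"|\bimplements\s+[\w.,\s]*\b(SessionBean|EntityBean|MessageDrivenBean)\b")

# Server-side and multicast socket use that the quoted guideline prohibits.
# A plain java.net.Socket client is deliberately not listed.
FORBIDDEN = {
    "listen": re.compile(r"\bnew\s+(java\.net\.)?ServerSocket\s*\("
                         r"|\bServerSocketChannel\s*\.\s*open\s*\("),
    "accept": re.compile(r"\.\s*accept\s*\(\s*\)"),
    "multicast": re.compile(r"\bnew\s+(java\.net\.)?MulticastSocket\s*\("),
}

def strip_comments(src):
    """Blank out /* */ and // comments, keeping line numbers stable (heuristic)."""
    blank = lambda m: re.sub(r"[^\n]", " ", m.group())
    return re.sub(r"//[^\n]*", "", re.sub(r"/\*.*?\*/", blank, src, flags=re.S))

def find_socket_violations(java_source):
    """Return sorted (line_number, rule) pairs for one Java source file."""
    code = strip_comments(java_source)
    if not BEAN_MARKER.search(code):
        return []  # not an enterprise bean: the guideline does not apply
    hits = []
    for lineno, line in enumerate(code.splitlines(), start=1):
        hits += [(lineno, rule) for rule, rx in FORBIDDEN.items() if rx.search(line)]
    return sorted(hits)

# Constructed sample inputs (not taken from any real project).
VIOLATING_BEAN = """\
@Stateless
public class ReportBean {
    public void start() throws java.io.IOException {
        java.net.ServerSocket srv = new java.net.ServerSocket(9000);
        java.net.Socket peer = srv.accept();  // bean acting as a server
    }
}
"""
CLIENT_BEAN = """\
@Stateless
public class QuoteBean {
    public void fetch() throws java.io.IOException {
        java.net.Socket s = new java.net.Socket("quotes.example", 7000);  // client: permitted
    }
}
"""
print(find_socket_violations(VIOLATING_BEAN), find_socket_violations(CLIENT_BEAN))
```

A pattern match like this only narrows down where to look; a socket opened in a helper class that the bean calls would need call-graph analysis or a container security policy to catch.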

Risk Factors

TBD

Examples

TBD

Related Attacks


Related Vulnerabilities


Related Controls


Related Technical Impacts


References