Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Review Request: java-1.7.0-icedtea - IcedTea runtime and development environments https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=253691 ------- Additional Comments From k.georgiou@xxxxxxxxxxxxxx 2007-08-23 19:31 EST ------- Is it sensible to drop java-rmi.cgi in cgi-bin considering that it's puprose is to tunnel rmi to any host/port bypassing any local firewall? Here is what http://java.sun.com/developer/onlineTraining/rmi/RMI.html says about it: "Additionally, using the java-rmi.cgi script exposes a fairly large security loophole on your server machine, as now, the script can redirect any incoming request to any port, completely bypassing your firewalling mechanism." IMHO it would be better to install it somewhere else, anyone that needs to use it will have to modify it anyway to restrict to specific ports at the minimum so it's more of an example than a usefull application. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. _______________________________________________ Fedora-package-review mailing list Fedora-package-review@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-package-review