On 11/3/15 2:41 AM, Lin Gao wrote:
Also, WildFly does not limit type of the deployment file, but it might need a separate
discussion if necessary?
It's a very different thing, so a separate branch of the thread is
I don't see the file type thing as being a security issue, since
deployments are just bits to WildFly unless one of our deployment unit
processors recognizes the deployment type. Enforcing file types just
helps prevent users trying to deploy the wrong file.
Doing this would require forcing all extensions to register expected
file types with the kernel. This probably wouldn't be that big of a deal
for extensions that are part of WildFly itself, but it would be a
breaking change for any externally developed extensions that use
different file extensions.
It doesn't seem worth it to me, given the long list of things we have to
By "file types" here, I mean file extension. If checking for a
particular file structure is meant (e.g. the file structures named by
media type suffixes in https://tools.ietf.org/html/rfc6839
) then that's
a significantly different requirement that needs clarification.
Senior Principal Software Engineer
JBoss by Red Hat