Speaking only for the JRuby and Jython containers (which I work on),
those are not loaded until you attempt to deploy an application that
attempts to make use of them. I would suspect that other scripting
languages work similarly, because of OSGI. Thus, they are off (and not
even loaded into the VM)by default unless you attempt to deploy a
PHP/Perl/JRuby/Jython application, and pose no security risk whatsoever.
glassfish_at_javadesktop.org wrote:
> Hello everyone,
> I have a simple question.
> We are running GlassFish v3-prelude to deploy just one web application.
> The web application only makes use of Java and jsp pages.
> Because we are not using PHP, or Prel, or any other additional scripting language, we would like to disable it in our GlassFish server in order to make it more secure against potential attacks.
> Is this possible? How?
>
> Thanks so much.
> Alex
> [Message sent by forum member 'alecaste' (alecaste)]
>
> http://forums.java.net/jive/thread.jspa?messageID=350948
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>