DWR – Direct Web Remoting

DWR - Easy Ajax for Java.

The DWR (Direct Web Remoting) project is an open source solution, released under the Apache license, for developers who want to use AJAX and XMLHttpRequest in an easy way. It allows JavaScript in a browser to interact with a Java servlet that runs on the server. The servlet processes requests that arrive from clients and sends back responses. Deploying DWR is pretty simple: it comes as a single jar file, and you need to add a few lines to your web.xml. In the web page you add <script> tags to indicate which classes you wish to import, and you can then call the Java code directly from JavaScript.

Imperva Application Defense Center has found a vulnerability in DWR. For more details check out here. So think twice before using DWR for your web application, as Denial of Service attacks and other security vulnerabilities are possible.
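
As an added example (not code from the original post or from the DWR project), this Python script reviews a DWR deployment for two settings that widen what the servlet exposes: the debug init-param in web.xml, and create entries in dwr.xml that have no include allow-list and therefore remote every public method of the class. The servlet class name, the dwr.xml layout and the com.example classes are assumptions used for the constructed sample input; the post does not describe the Imperva finding, so the script does not test for it.

```python
import xml.etree.ElementTree as ET

# Constructed sample configuration (not from the original post).
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <servlet>
    <servlet-name>dwr-invoker</servlet-name>
    <servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>
    <init-param>
      <param-name>debug</param-name><param-value>true</param-value>
    </init-param>
  </servlet>
</web-app>"""
DWR_XML = """<dwr><allow>
  <create creator="new" javascript="Accounts">
    <param name="class" value="com.example.AccountService"/>
  </create>
  <create creator="new" javascript="Quotes">
    <param name="class" value="com.example.QuoteService"/>
    <include method="getQuote"/>
  </create>
</allow></dwr>"""

def named(el, name):
    """Descendants of el with the given tag, ignoring any XML namespace."""
    return [c for c in el.iter() if c.tag.rsplit("}", 1)[-1] == name]

def text(el, name):
    """Stripped text of the first descendant called name, or ''."""
    found = named(el, name)
    return (found[0].text or "").strip() if found else ""

def audit_web_xml(xml):
    """Names of DWR servlets whose debug/test pages are switched on."""
    hits = []
    for servlet in named(ET.fromstring(xml), "servlet"):
        if "dwr" not in text(servlet, "servlet-class").lower():
            continue
        for p in named(servlet, "init-param"):
            if (text(p, "param-name") == "debug"
                    and text(p, "param-value").lower() == "true"):
                hits.append(text(servlet, "servlet-name"))
    return hits

def audit_dwr_xml(xml):
    """JavaScript names of <create> entries with no <include> allow-list."""
    return [c.get("javascript") for c in named(ET.fromstring(xml), "create")
            if not named(c, "include")]

if __name__ == "__main__":
    print("debug enabled on:", audit_web_xml(WEB_XML))
    print("all public methods remoted for:", audit_dwr_xml(DWR_XML))
```
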
