- From: Anselm Baird_Smith <abaird@www43.inria.fr>
- Date: Fri, 15 Nov 1996 11:17:37 +0100 (MET)
- To: Alexandre Rafalovitch <alex@access.com.au>
- Cc: www-jigsaw@w3.org
Alexandre Rafalovitch writes: > >A lot of work will be needed to create a suitable security manager for > >Jigsaw, as a rough estimate, I would say that nearly all the methods > >of httpd would have to go through a secuirity check (they all return > >sensitive data, such as the root resource, etc). > > > Not really. We can assume two things. First, there are no static methods on > the server that give out any information. Second, non-secure resources > (CGIs, Servlet before authorisations, agents, etc) would not have access to > the server because their bridges (eg CGIResource) would not expose server > objects to them. Well, I agree public static method are dangerous, but think of this one, just as examples of how difficult the task is: request.getClient().getServer(); resource().getServer() etc What I meant is that it is not going to be easy to make sure that all pathes to sensitive data will contain an appropriate security check. > Those two things would mean that non-authorised resources would not be able > to access server things. They still can create all those nasty threads, > Sockets and file objects, but this is where we will need a real security > manager. So, I would say, don't worry about protecting the server. Well, funnily, I am much less concerns by those, since the protection for them is already available (and tested ;-) in the java std libraries, so at least for them, we know that the security manager is called... Anselm.
Received on Friday, 15 November 1996 05:18:03 UTC