
RE: AutoStarting Resource (was Request for feature: Logger.sync())

From: Anselm Baird_Smith <abaird@www43.inria.fr>
Date: Fri, 15 Nov 1996 11:17:37 +0100 (MET)
Message-Id: <199611151017.LAA22971@www43.inria.fr>
To: Alexandre Rafalovitch <alex@access.com.au>
Cc: www-jigsaw@w3.org

Alexandre Rafalovitch writes:
 > >A lot of work will be needed to create a suitable security manager for
 > >Jigsaw, as a rough estimate, I would say that nearly all the methods
 > >of httpd would have to go through a security check (they all return
 > >sensitive data, such as the root resource, etc).
 > >
 > Not really. We can assume two things. First, there are no static methods on
 > the server that give out any information. Second, non-secure resources
 > (CGIs, Servlet before authorisations, agents, etc) would not have access to
 > the server because their bridges (eg CGIResource) would not expose server
 > objects to them.

Well, I agree public static methods are dangerous, but think of these,
just as examples of how difficult the task is:

request.getClient().getServer();
resource().getServer()
etc

What I meant is that it is not going to be easy to make sure that all
paths to sensitive data will contain an appropriate security check.

 > Those two things would mean that non-authorised resources would not be able
 > to access server things. They still can create all those nasty threads,
 > Sockets and file objects, but this is where we will need a real security
 > manager. So, I would say, don't worry about protecting the server.

Well, funnily, I am much less concerned by those, since the protection
for them is already available (and tested ;-) in the java std
libraries, so at least for them, we know that the security manager is
called...

Anselm.
Received on Friday, 15 November 1996 05:18:03 GMT
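
The difficulty raised in the message, that every accessor chain ending at the server object needs its own check, can be audited mechanically. The following is an added example, not part of the original message and not Jigsaw code: it generalizes the two chains quoted above into a reflection walk that lists every public call chain from an entry type to a sensitive type. The classes Server, Client, Request, Resource and CgiBridge are hypothetical stand-ins, as are their method names.

```java
import java.lang.reflect.Method;
import java.util.*;

public class SensitivePathAudit {
    // Hypothetical stand-ins for the classes named in the message (not Jigsaw's code).
    static class Server { public Object getRootResource() { return new Object(); } }
    static class Client { public Server getServer() { return new Server(); } }
    static class Request { public Client getClient() { return new Client(); } }
    static class Resource { public Server getServer() { return new Server(); } }
    // Hypothetical bridge that hands untrusted code plain data only.
    static class CgiBridge { public String getQueryString() { return ""; } }

    /** Breadth-first walk over public accessor return types, starting at `start`;
     *  returns every call chain whose result is (a subtype of) `sensitive`. */
    static List<String> pathsTo(Class<?> start, Class<?> sensitive) {
        List<String> found = new ArrayList<>();
        Map<Class<?>, String> pathOf = new HashMap<>();   // visited type -> chain that reaches it
        Deque<Class<?>> queue = new ArrayDeque<>();
        pathOf.put(start, start.getSimpleName());
        queue.add(start);
        while (!queue.isEmpty()) {
            Class<?> cur = queue.poll();
            for (Method m : cur.getMethods()) {           // public methods, inherited ones included
                Class<?> ret = m.getReturnType();
                String path = pathOf.get(cur) + "." + m.getName() + "()";
                if (sensitive.isAssignableFrom(ret)) {
                    found.add(path);                      // this accessor needs a security check
                } else if (!ret.isPrimitive() && !ret.getName().startsWith("java.")
                        && pathOf.putIfAbsent(ret, path) == null) {
                    queue.add(ret);                       // application type: keep walking
                }
            }
        }
        Collections.sort(found);
        return found;
    }

    public static void main(String[] args) {
        for (Class<?> entry : List.of(Request.class, Resource.class, CgiBridge.class)) {
            List<String> paths = pathsTo(entry, Server.class);
            System.out.println(entry.getSimpleName() + ": "
                    + (paths.isEmpty() ? "no public path to Server" : paths));
        }
    }
}
```

The walk follows declared return types only, so an accessor typed as Object or as a broad interface hides what it actually returns and has to be reviewed by hand.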
