Alexandre Rafalovitch writes:
> >A lot of work will be needed to create a suitable security manager for
> >Jigsaw, as a rough estimate, I would say that nearly all the methods
> >of httpd would have to go through a security check (they all return
> >sensitive data, such as the root resource, etc).
> >
> Not really. We can assume two things. First, there are no static methods on
> the server that give out any information. Second, non-secure resources
> (CGIs, Servlet before authorisations, agents, etc) would not have access to
> the server because their bridges (eg CGIResource) would not expose server
> objects to them.

Well, I agree public static methods are dangerous, but think of this one,
just as examples of how difficult the task is:

    request.getClient().getServer();
    resource().getServer()
    etc

What I meant is that it is not going to be easy to make sure that all
paths to sensitive data will contain an appropriate security check.

> Those two things would mean that non-authorised resources would not be able
> to access server things. They still can create all those nasty threads,
> Sockets and file objects, but this is where we will need a real security
> manager. So, I would say, don't worry about protecting the server.

Well, funnily, I am much less concerned by those, since the protection for
them is already available (and tested ;-) in the java std libraries, so
at least for them, we know that the security manager is called...

Anselm.

Received on Friday, 15 November 1996 05:18:03 GMT
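
Added example, not part of the original message and not Jigsaw code: a small reflection audit that lists every chain of public zero-argument accessors leading from a class handed to untrusted code to a sensitive type, which is the set of paths that would each need a security check. The classes Server, Client, Request, Resource and Bridge are constructed stand-ins, and the walk only follows declared return types, so fields, method arguments and subclasses are outside what it reports.

```java
import java.lang.reflect.Method;
import java.util.*;

public class AccessorPathAudit {
    // Constructed stand-ins for illustration; these are NOT Jigsaw's classes.
    public static class Server {}
    public static class Client { public Server getServer() { return null; } }
    public static class Request {
        public Client getClient() { return null; }
        public String getURL() { return null; }
    }
    public static class Resource { public Server getServer() { return null; } }
    // A bridge that hands out only plain data, as proposed in the quoted text.
    public static class Bridge { public String getHeader() { return null; } }

    // Depth-first walk over the return types of public zero-argument methods.
    static void walk(Class<?> type, Class<?> sensitive, Deque<String> path,
                     Set<Class<?>> onStack, List<String> found) {
        if (!onStack.add(type)) return;              // break accessor cycles
        for (Method m : type.getMethods()) {
            if (m.getParameterCount() != 0 || m.getDeclaringClass() == Object.class) continue;
            Class<?> r = m.getReturnType();
            path.addLast(m.getName() + "()");
            if (sensitive.isAssignableFrom(r)) {
                found.add(String.join(".", path));   // a path that needs a check
            } else if (!r.isPrimitive() && !r.getName().startsWith("java.")) {
                walk(r, sensitive, path, onStack, found);
            }
            path.removeLast();
        }
        onStack.remove(type);
    }

    // All accessor chains from 'start' that end in an instance of 'sensitive'.
    static List<String> pathsTo(Class<?> start, Class<?> sensitive) {
        List<String> found = new ArrayList<>();
        Deque<String> path = new ArrayDeque<>(List.of(start.getSimpleName()));
        walk(start, sensitive, path, new HashSet<>(), found);
        return found;
    }

    public static void main(String[] args) {
        for (Class<?> c : List.of(Request.class, Resource.class, Bridge.class)) {
            System.out.println(c.getSimpleName() + " -> " + pathsTo(c, Server.class));
        }
    }
}
```

An empty list for a bridge class means no accessor chain of this kind exposes the server object through it; any non-empty list names the accessors where a check would have to sit.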