[jboss-remoting-issues] [JBoss JIRA] Created: (JBREM-1116) Remove SecurityUtility

Ron Sigal (JIRA) jira-events at lists.jboss.org
Tue Apr 14 02:38:22 EDT 2009


Remove SecurityUtility
----------------------

                 Key: JBREM-1116
                 URL: https://jira.jboss.org/jira/browse/JBREM-1116
             Project: JBoss Remoting
          Issue Type: Bug
      Security Level: Public (Everyone can see)
    Affects Versions: 2.5.0.SP2 (Flounder) 
            Reporter: Ron Sigal
            Assignee: Ron Sigal
            Priority: Critical
             Fix For: 2.5.0.SP3 (Flounder)


org.jboss.remoting.util.SecurityUtility is a collection of static methods that wrap security-sensitive method calls in a java.security.PrivilegedActionException or a java.security.PrivilegedExceptionAction. It has the advantage of avoiding cluttering the calling code, but it has the significant disadvantage that any code can call these public methods and, using the permissions granted to Remoting, bypass security restrictions.

The methods should be migrated out of SecurityUtility and made inaccessible.

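The design problem described in the issue, shown as an added example that is not JBoss Remoting source: a public static `doPrivileged` wrapper next to the same call moved into a private method of the class that needs it. All class, method and property names are hypothetical, and the sketch assumes the pre-JDK 17 SecurityManager model that was current when the issue was filed.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

// Added illustration; every name here is hypothetical.
// AccessController is deprecated since JDK 17 but still compiles.
public class PrivilegedWrapperDemo {

    // Problematic shape: public and static. doPrivileged makes the
    // permission check stop at this class's protection domain, so the
    // caller's own (possibly empty) permission set is never consulted.
    // Any code that can load this class reads any property it names.
    public static final class PublicWrapper {
        public static String getSystemProperty(final String name) {
            return AccessController.doPrivileged(
                (PrivilegedAction<String>) () -> System.getProperty(name));
        }
    }

    // Migrated shape: the privileged block is private to the one class
    // that needs it, and the property name is a constant chosen by the
    // library, not a value supplied by the caller.
    public static final class TransportConfig {
        private static final String TIMEOUT_PROPERTY =
            "example.transport.timeout"; // constructed property name
        private static final int DEFAULT_TIMEOUT_MS = 60000;

        public int timeoutMillis() {
            String raw = readTimeoutProperty();
            if (raw == null) {
                return DEFAULT_TIMEOUT_MS;
            }
            try {
                return Integer.parseInt(raw.trim());
            } catch (NumberFormatException e) {
                return DEFAULT_TIMEOUT_MS; // malformed value: use default
            }
        }

        // Not reachable from outside this class, so it cannot be used
        // as a general-purpose privileged property reader.
        private static String readTimeoutProperty() {
            return AccessController.doPrivileged(
                (PrivilegedAction<String>) () -> System.getProperty(TIMEOUT_PROPERTY));
        }
    }

    public static void main(String[] args) {
        System.out.println(new TransportConfig().timeoutMillis());
    }
}
```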