[jboss-remoting-issues] [JBoss JIRA] Closed: (JBREM-1116) Remove SecurityUtility

Ron Sigal (JIRA) jira-events at lists.jboss.org
Tue Apr 14 20:18:22 EDT 2009


     [ https://jira.jboss.org/jira/browse/JBREM-1116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ron Sigal closed JBREM-1116.
----------------------------

    Resolution: Done


All methods except SecurityUtility.skipAccessControl() have been migrated as private static methods to the classes that call them.  

There don't seem to be any security-related issues in the test suite.

> Remove SecurityUtility
> ----------------------
>
>                 Key: JBREM-1116
>                 URL: https://jira.jboss.org/jira/browse/JBREM-1116
>             Project: JBoss Remoting
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>    Affects Versions: 2.5.0.SP2 (Flounder) 
>            Reporter: Ron Sigal
>            Assignee: Ron Sigal
>            Priority: Critical
>             Fix For: 2.5.1 (Flounder)
>
>
> org.jboss.remoting.util.SecurityUtility is a collection of static methods that wrap security-sensitive method calls in a java.security.PrivilegedActionException or a java.security.PrivilegedExceptionAction. It has the advantage of avoiding cluttering the calling code, but it has the significant disadvantage that any code can call these public methods and, using the permissions granted to Remoting, bypass security restrictions.
> The methods should be migrated out of SecurityUtility and made inaccessible.
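
The design problem described in the issue, and the private-static-method form the resolution describes, as an added example that is not JBoss Remoting code. All class names and the property key are hypothetical, and the example assumes the Java security manager model (`AccessController.doPrivileged`) that was in use when the issue was filed.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

// Added illustration: class and property names are hypothetical and are
// not taken from the JBoss Remoting source. Nested only to fit in one
// file; treat each nested class as a separate top-level class.
public class PrivilegedWrapperDemo {

    // Before: a public static wrapper. doPrivileged() stops the permission
    // check at this frame, so any caller that can reach the method reads
    // properties under the library's grants instead of its own.
    public static final class PublicWrapperUtil {
        public static String getSystemProperty(final String name) {
            return AccessController.doPrivileged(new PrivilegedAction<String>() {
                public String run() {
                    return System.getProperty(name);
                }
            });
        }
    }

    // After: the wrapper is a private static method of the class that needs
    // it. Only that class can trigger the privileged read, and it passes a
    // fixed key (extra hardening assumed here, not stated in the ticket).
    public static final class TransportConfig {
        private static final String TIMEOUT_KEY = "example.transport.timeout";
        private static final int DEFAULT_TIMEOUT_MS = 60000;
        public static int timeoutMillis() {
            String raw = getSystemProperty(TIMEOUT_KEY);
            try {
                return raw == null ? DEFAULT_TIMEOUT_MS : Integer.parseInt(raw);
            } catch (NumberFormatException e) {
                return DEFAULT_TIMEOUT_MS;
            }
        }

        private static String getSystemProperty(final String name) {
            return AccessController.doPrivileged(new PrivilegedAction<String>() {
                public String run() {
                    return System.getProperty(name);
                }
            });
        }
    }

    public static void main(String[] args) {
        System.out.println("timeout = " + TransportConfig.timeoutMillis() + " ms");
    }
}
```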
