[rules-users] Security test cases for Drools

Edson Tirelli ed.tirelli at gmail.com
Wed Nov 9 11:52:41 EST 2011


   Against external attacks, Drools supports knowledge base signing and
checking using standard asymmetric key infrastructure. Regarding the web
application, I will let one of the Guvnor guys talk about it. Against
internal attacks, i.e., someone deliberately adding a malicious rule into
the application, the only way is through company policies and processes
that ensure a workflow for rule approval. Drools offers audit logs
(runtime) and standard versioning history (in Guvnor, authoring time) to
track changes.

   Edson


On Wed, Nov 9, 2011 at 11:42 AM, kapokfly <ivan.jiang.ww at foxmail.com> wrote:

> Not sure if anyone can share their experiences on what kind of test cases
> for Drools security should be developed and ensured?
>
> As the rule is just a piece of code in String format which can be hooked
> into the JVM, we can assume that might open some holes, and the necessary
> security test cases need to be designed against them.
>
> Can anyone share their experiences on this?
>
> Thanks...



-- 
  Edson Tirelli
  JBoss Drools Core Development
  JBoss by Red Hat @ www.jboss.com
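
The signing-and-checking idea mentioned in the reply, turned into a security test case. This is an added example, not part of the original message and not Drools' own API: it uses only JDK `java.security` classes, and the class name, key pair and rule text are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

// Hypothetical helper: check a detached signature over rule source before the
// bytes are handed to the rule engine. JDK classes only, no Drools calls.
public class SignedRuleCheck {

    static byte[] sign(byte[] artifact, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(artifact);
        return s.sign();
    }

    static boolean verify(byte[] artifact, byte[] sig, PublicKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(artifact);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair. In practice the private key stays with the rule
        // approval/build step and only the public key ships with the application.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();

        // Constructed sample rule text, signed at approval time.
        byte[] approved = "rule \"Discount\" when Order(total > 100) then end"
                .getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(approved, kp.getPrivate());

        // The same artifact changed after approval, presented with the old signature.
        byte[] modified = "rule \"Discount\" when Order(total > 0) then end"
                .getBytes(StandardCharsets.UTF_8);

        System.out.println("approved verifies: " + verify(approved, sig, kp.getPublic()));
        System.out.println("modified verifies: " + verify(modified, sig, kp.getPublic()));
        // A loader should refuse to build the knowledge base when verify() is false.
    }
}
```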