<div dir="ltr">Hi,<div><br></div><div>Just wondering, but what is the primary use case for a security manager server side?</div><div><br></div><div>While the model obviously makes sense for Applets and Webstart where untrusted code is executed on the user's machine, I found it to be extremely rare for a server to run untrusted code. In fact, I don't think I've ever seen this situation.</div>
<div><br></div><div>There's maybe a case to prevent privilege escalation in case of a legitimate app being hacked, but in practice it doesn't look like a security manager is really being used a lot for that, is it? Instead the default thing to do there seems to be to run the AS under a user with limited rights on the host OS and/or use things like SELinux or Virtual Servers (e.g. XEN) to isolate the complete AS.</div>
<div><br></div><div>Kind regards,</div><div>Arjan Tijms</div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sat, Apr 19, 2014 at 1:53 AM, Jason T. Greene <span dir="ltr"><<a href="mailto:jgreene@redhat.com" target="_blank">jgreene@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
<div class=""><br>
> On Apr 18, 2014, at 5:50 PM, Stuart Douglas <<a href="mailto:stuart.w.douglas@gmail.com">stuart.w.douglas@gmail.com</a>> wrote:<br>
><br>
><br>
> Enabling the security manager by default is a terrible idea.<br>
<br>
</div>+1000<br>
<div class="HOEnZb"><div class="h5">_______________________________________________<br>
wildfly-dev mailing list<br>
<a href="mailto:wildfly-dev@lists.jboss.org">wildfly-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/wildfly-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/wildfly-dev</a><br>
</div></div></blockquote></div><br></div>