"adrian(a)jboss.org" wrote : "anil.saldhana(a)jboss.com" wrote :
"adrian(a)jboss.org" wrote :
| | | I also don't see the need for the permission to set the codesource
| | | generator.
| | | If somebody can get access to the policy then they can make all sorts of other
| | | changes anyway. Getting access to the classloader
| | | implementation objects is already controlled by
| | |
| | | | sm.checkCreateClassLoader();
| | | |
| | | checks.
| |
| | An uninitiated system administrator configuring the security manager policy can
| | wrongly configure any user applications to have "all" permissions, which means
| | any controls we have placed for security are negated (including checkCreateCL).
|
| I don't see your point? If the administrator configures it wrong then
| there's nothing we can do about it.
| That's like saying you should ban cutlery because you can stab yourself in the eye
| with a fork. ;-)
I am commenting on "I also don't see the need for the permission to set the
codesource generator.
| | If somebody can get access to the policy then they can make all sorts of other
| | changes anyway.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4188154#...