[jboss-dev-forums] [Design of POJO Server] - Re: VFS Permissions - JBMICROCONT-149

Thursday, 6 November 2008

&quot;david.lloyd(a)jboss.com&quot; wrote : 
  | If you make the stop() method run privileged, won't you make it kind of easy to
defeat the security manager (by simply undeploying the bean, or even just getting the bean
by name, or creating an instance of it, and manually calling stop() on it from hostile
code)?
  | 

That's a different issue. We already said that we need  a permission
within the MC that controls who can inject/install what into what or who can
invoke on what through the kernel bus.

Currently there's no fine-grained permission, only one big permission
on whether you can access the kernel(controller).

Ales do you have a JIRA for that? Or have you already done it without me
noticing as usual? ;-)

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4187505#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-dev-forums] [Design of POJO Server] - Re: VFS Permissions - JBMICROCONT-149