12:31 p.m.
Secure remote classloading
--------------------------
Key: JBREM-929
URL: http://jira.jboss.com/jira/browse/JBREM-929
Project: JBoss Remoting
Issue Type: Task
Security Level: Public (Everyone can see)
Reporter: David Lloyd
Fix For: 3.0.0-M3
Remote classloading should be allowed only if either (a) a security manager is installed
(and thus the security manager would create the policy) or (b) a specific option is
enabled (which would be disabled by default) to allow it.
Also, the remote classloader needs to be able to work with the standard security manager
policy - which is to say, that classes loaded from a remote service need to have a unique
codeBase URL so that administrators can grant permission to remote classes based on the
service from whence they came.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
9:04 p.m.
New subject: [JBoss JIRA] Updated: (JBREM-929) Secure remote classloading
[
https://jira.jboss.org/jira/browse/JBREM-929?page=com.atlassian.jira.plug...
]
David Lloyd updated JBREM-929:
------------------------------
Fix Version/s: 3.0.0.Beta1
(was: 3.0.0-M3)
Secure remote classloading
--------------------------
Key: JBREM-929
URL: https://jira.jboss.org/jira/browse/JBREM-929
Project: JBoss Remoting
Issue Type: Task
Security Level: Public(Everyone can see)
Reporter: David Lloyd
Fix For: 3.0.0.Beta1
Remote classloading should be allowed only if either (a) a security manager is installed
(and thus the security manager would create the policy) or (b) a specific option is
enabled (which would be disabled by default) to allow it.
Also, the remote classloader needs to be able to work with the standard security manager
policy - which is to say, that classes loaded from a remote service need to have a unique
codeBase URL so that administrators can grant permission to remote classes based on the
service from whence they came.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
1:57 a.m.
New subject: [JBoss JIRA] Updated: (JBREM-929) Secure remote classloading
[
https://jira.jboss.org/jira/browse/JBREM-929?page=com.atlassian.jira.plug...
]
David Lloyd updated JBREM-929:
------------------------------
Fix Version/s: 3.1.0.Beta1
(was: 3.0.0.Beta1)
Moving to 3.1.0 - Remote VFS seems to have the most support as far as an overall approach.
So this may not end up being a Remoting issue after all.
Secure remote classloading
--------------------------
Key: JBREM-929
URL: https://jira.jboss.org/jira/browse/JBREM-929
Project: JBoss Remoting
Issue Type: Task
Security Level: Public(Everyone can see)
Reporter: David Lloyd
Fix For: 3.1.0.Beta1
Remote classloading should be allowed only if either (a) a security manager is installed
(and thus the security manager would create the policy) or (b) a specific option is
enabled (which would be disabled by default) to allow it.
Also, the remote classloader needs to be able to work with the standard security manager
policy - which is to say, that classes loaded from a remote service need to have a unique
codeBase URL so that administrators can grant permission to remote classes based on the
service from whence they came.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
11:17 a.m.
New subject: [JBoss JIRA] Updated: (JBREM-929) Secure remote classloading
[
https://jira.jboss.org/jira/browse/JBREM-929?page=com.atlassian.jira.plug...
]
David Lloyd updated JBREM-929:
------------------------------
Fix Version/s: 3.1.0.CR1
(was: 3.1.0.Beta1)
Secure remote classloading
--------------------------
Key: JBREM-929
URL: https://jira.jboss.org/jira/browse/JBREM-929
Project: JBoss Remoting
Issue Type: Task
Security Level: Public(Everyone can see)
Reporter: David Lloyd
Fix For: 3.1.0.CR1
Remote classloading should be allowed only if either (a) a security manager is installed
(and thus the security manager would create the policy) or (b) a specific option is
enabled (which would be disabled by default) to allow it.
Also, the remote classloader needs to be able to work with the standard security manager
policy - which is to say, that classes loaded from a remote service need to have a unique
codeBase URL so that administrators can grant permission to remote classes based on the
service from whence they came.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
5168
days inactive
5886
days old
jboss-remoting-issues@lists.jboss.org
3 comments
1 participants
participants (1)
-
David Lloyd (JIRA)