Against external attacks, Drools supports knowledge base signing and
checking using standard asymmetric key infrastructure. Regarding the web
application, I will let one of the Guvnor guys talk about it. Against
internal attacks, i.e., someone deliberately adding a malicious rule into
the application, the only way is through company policies and processes
that ensure a workflow for rule approval. Drools offers audit logs
(runtime) and standard versioning history (in Guvnor, authoring time) to
track changes.
Edson
On Wed, Nov 9, 2011 at 11:42 AM, kapokfly <ivan.jiang.ww(a)foxmail.com> wrote:
Not sure if anyone can share their experiences about what kind of test
cases on Drools security should be developed and ensured?
As the rule is just a piece of code in String format which can be hooked
into the JVM, we can assume that might open some holes, and necessary security
test cases need to be designed against them.
Can anyone share their experiences on this?
Thanks...
--
Edson Tirelli
JBoss Drools Core Development
JBoss by Red Hat @ www.jboss.com
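The reply above mentions signing a knowledge base and checking it with asymmetric keys. As an added example that is not part of the original message and does not use Drools' own signing API, the following sketch shows that sign-then-verify-before-load idea with plain JDK classes, written as the kind of security test cases the question asks about. The class name, key pairs and rule text are constructed for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

// Added illustration: plain JDK signing, not the Drools signing API.
public class SignedRulePackageCheck {
    // Build side: sign the serialized rule package with the private key.
    static byte[] sign(byte[] pkg, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(pkg);
        return s.sign();
    }

    // Load side: accept the package only if the signature verifies.
    static boolean verify(byte[] pkg, byte[] sig, PublicKey key) {
        try {
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(key);
            s.update(pkg);
            return s.verify(sig);
        } catch (GeneralSecurityException e) {
            return false; // malformed signature or key: fail closed
        }
    }

    static void expect(boolean cond, String name) {
        if (!cond) throw new AssertionError(name);
        System.out.println("PASS " + name);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair build = gen.generateKeyPair(); // trusted build key (constructed)
        KeyPair other = gen.generateKeyPair(); // key the loader does not trust
        // Constructed stand-in for a serialized knowledge package.
        byte[] pkg = "rule \"discount\" when Order(total > 100) then end"
                .getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(pkg, build.getPrivate());
        byte[] tampered = pkg.clone();
        tampered[tampered.length - 1] ^= 0x01; // single-bit change after signing

        expect(verify(pkg, sig, build.getPublic()), "untouched package accepted");
        expect(!verify(tampered, sig, build.getPublic()), "modified package rejected");
        expect(!verify(pkg, sign(pkg, other.getPrivate()), build.getPublic()),
                "package signed with untrusted key rejected");
        expect(!verify(pkg, new byte[0], build.getPublic()), "missing signature rejected");
    }
}
```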