Hi,


On Tue, Apr 22, 2014 at 8:54 AM, Panzer, Robert <Robert.Panzer@wincor-nixdorf.com> wrote:


The Java Security Manager also makes a lot of sense on the server side when you are building component-based software and want, for instance, to ensure that some components are eligible to access some data and others are not.

If you can ensure that most components are not able to access certain sensitive data then you can skip them in security audits and that’s a great win!


It does sound like a somewhat viable use case indeed, although in practice it looks like few people walk that road (or maybe it is just my limited number of observations). What I did see (occasionally) happening in this case is that people ran that single component that's capable of accessing sensitive data in a separate JVM/virtual machine and then communicated with it via a well-defined authenticated/secured interface.

That particular component is then protected by the OS' process model and memory protection and the rest of the code doesn't suffer from the performance degradation and coding complexities of the JSM.

If there's a LOT of communication with that particular component then I guess running them both in the same JVM with the JSM enabled might theoretically be better for performance, but I personally just haven't seen this in practice.

Kind regards,
Arjan