[jboss-dev-forums] [Design of POJO Server] - Re: ManagedOperation aspects for the ProfileService.Manageme
adrian@jboss.org
do-not-reply at jboss.com
Fri Sep 21 11:00:06 EDT 2007
"alesj" wrote :
| Is this enough:
|
The question is will the callers have that privilege.
e.g. Where this occurs is when somebody is deploying a bean from xml
That will run under the privileges of whoever registered the MC context.
We should be testing whether they can get access to the classloader
of the other context to create the objects, otherwise it is a security hole.
We don't want somebody using the MC to create objects they wouldn't otherwise
have access to.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4087287#4087287
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4087287
More information about the jboss-dev-forums
mailing list