[jboss-dev-forums] [Design of POJO Server] - Re: VFS Permissions - JBMICROCONT-149
adrian@jboss.org
do-not-reply at jboss.com
Thu Nov 6 14:44:43 EST 2008
"david.lloyd at jboss.com" wrote :
| If you make the stop() method run privileged, won't you make it kind of easy to defeat the security manager (by simply undeploying the bean, or even just getting the bean by name, or creating an instance of it, and manually calling stop() on it from hostile code)?
|
That's a different issue. We already said that we need a permission
within the MC that controls who can inject/install what into what or who can
invoke on what through the kernel bus.
Currently there's no fine-grained permission, only one big permission
on whether you can access the kernel(controller).
Ales do you have a JIRA for that? Or have you already done it without me
noticing as usual? ;-)
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4187505#4187505
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4187505
More information about the jboss-dev-forums
mailing list