[jboss-dev-forums] [Design of POJO Server] - Re: VFS Permissions - JBMICROCONT-149
anil.saldhana@jboss.com
do-not-reply at jboss.com
Mon Nov 10 09:43:14 EST 2008
"adrian at jboss.org" wrote :
| I also don't see the need for the permission to set the codesource generator.
| If somebody can get access to the policy then can make all sorts of other
| changes anyway. Getting access to the classloader
| implementation objects is already controlled by
|
| | sm.checkCreateClassLoader();
| |
| checks.
An uninitiated system administrator configuring the security manager policy can wrongly configure any user applications to have "all" permissions, which means any controls we have placed for security are negated (including checkCreateCL).
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4188145#4188145
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4188145
More information about the jboss-dev-forums
mailing list