[jboss-dev-forums] [Design of POJO Server] - Re: VFS Permissions - JBMICROCONT-149 (Repost)
adrian@jboss.org
do-not-reply at jboss.com
Mon Nov 10 10:12:20 EST 2008
"anil.saldhana at jboss.com" wrote : anonymous wrote :
| | I don't see your point? If the administrator configures it wrong then
| | there's nothing we can do about it.
| | That's like saying you should ban cutlery because you can stab yourself in the eye
| | with a fork. ;-)
|
| I am commenting on "I also don't see the need for the permission to set the codesource generator.
| | | If somebody can get access to the policy then can make all sorts of other
| | | changes anyway.
So was I. If somebody has the createClassLoader permission then they can
do whatever they like. e.g. create their own classloader where the classes
get any permission they want to assign. Or give them a codesource
they know has AllPermission, etc.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4188156#4188156
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4188156
More information about the jboss-dev-forums
mailing list