[jboss-jira] [JBoss JIRA] Commented: (SECURITY-600) SecurityClientFactory.getSecurityClient(String) allows arbitrary/user code to be run in a privileged block
Anil Saldhana (JIRA)
jira-events at lists.jboss.org
Mon Jun 13 17:59:23 EDT 2011
[ https://issues.jboss.org/browse/SECURITY-600?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12608288#comment-12608288 ]
Anil Saldhana commented on SECURITY-600:
----------------------------------------
How different is this from users installing factories in the app server? When the AS is run under a JSM, the expectation is that the user/administrator is aware of the dangers of security permission provisioning.
> SecurityClientFactory.getSecurityClient(String) allows arbitrary/user code to be run in a privileged block
> ------------------------------------------------------------------------------------------------------------
>
> Key: SECURITY-600
> URL: https://issues.jboss.org/browse/SECURITY-600
> Project: PicketBox (JBoss Security and Identity Management)
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Affects Versions: PicketBox_v4_0_beta4
> Reporter: Carlo de Wolf
> Assignee: Anil Saldhana
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira