[wildfly-dev] my 2 cents on Security Manager discussion

Panzer, Robert Robert.Panzer at wincor-nixdorf.com
Tue Apr 22 02:54:12 EDT 2014


Hi,

Just want to throw in my other cent:

The Java Security Manager makes a lot of sense also on the server side when you are building component based software and want for instance to ensure that some components are eligible to access some data and others are not.

If you can ensure that most components are not able to access certain sensitive data then you can skip them in security audits and that's a great win!

Java's visibility is not capable of handling this.

Kind regards,
Robert

From: wildfly-dev-bounces at lists.jboss.org [mailto:wildfly-dev-bounces at lists.jboss.org] On Behalf Of Anil Saldhana
Sent: Monday, April 21, 2014 8:29 PM
To: wildfly-dev at lists.jboss.org
Subject: Re: [wildfly-dev] my 2 cents on Security Manager discussion

On 04/19/2014 12:43 PM, arjan tijms wrote:
> Hi,
>
> Just wondering, but what is the primary use case for a security manager server side?
>
> While the model obviously makes sense for Applets and Webstart where untrusted code is executed on the user's machine, I found it to be extremely rare for a server to run untrusted code. In fact, I don't think I've ever seen this situation.

I agree with what you are saying. Unfortunately there are a handful of users/developers/sys-admins who are required to run the JVM under the JSM. Might be corporate policy or compliance etc.
Luckily they are a minority. They always pinpoint if there are any particular permission failing under the JSM.

The JSM was really invented around the applet era and has really not seen any major adaptation/overhaul for the s/w industry growth.

> There's maybe a case to prevent privilege escalation in case of a legitimate app being hacked, but in practice it doesn't look like a security manager is really being used a lot for that, is it? Instead the default thing to do there seems to be to run the AS under a user with limited rights on the host OS and/or use things like SELinux or Virtual Servers (e.g. XEN) to isolate the complete AS.
>
> Kind regards,
> Arjan Tijms




On Sat, Apr 19, 2014 at 1:53 AM, Jason T. Greene <jgreene at redhat.com> wrote:


Sent from my iPhone

> On Apr 18, 2014, at 5:50 PM, Stuart Douglas <stuart.w.douglas at gmail.com> wrote:
>
>
> Enabling the security manager by default is a terrible idea.
+1000