[wildfly-dev] my 2 cents on Security Manager discussion

arjan tijms arjan.tijms at gmail.com
Tue Apr 22 06:17:54 EDT 2014


Hi,


On Tue, Apr 22, 2014 at 8:54 AM, Panzer, Robert <
Robert.Panzer at wincor-nixdorf.com> wrote:

>
> The Java Security Manager makes a lot of sense also on the server side
> when you are building component based software and want for instance to
> ensure that some components are eligible to access some data and others are
> not.
>
>
>
> If you can ensure that most components are not able to access certain
> sensitive data then you can skip them in security audits and that’s a great
> win!
>

It does sound like a somewhat viable use case indeed, although in practice
it looks like few people walk that road (or maybe it are just my limited
amount of observations). What I did see (occasionally) happening in this
case is that people ran that single component that's capable of accessing
sensitive data in a separate JVM/virtual machine and then communicate with
it via a well-defined authenticated/secured interface.

That particular component is then protected by the OS' process model and
memory protection and the rest of the code doesn't suffer from the
performance degradation and coding complexities of the JSM.

If there's a LOT of communication with that particular component then I
guess running them both in the same JVM with the JSM enabled might
theoretically be better for performance, but I personally just haven't seen
this in practice.

Kind regards,
Arjan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/wildfly-dev/attachments/20140422/c26546f5/attachment.html 


More information about the wildfly-dev mailing list