[wildfly-dev] my 2 cents on Security Manager discussion

Stuart Douglas stuart.w.douglas at gmail.com
Tue Apr 22 07:09:02 EDT 2014




> On 22 Apr 2014, at 16:54, "Panzer, Robert" <Robert.Panzer at wincor-nixdorf.com> wrote:
> 
> Hi,
>  
> Just want to throw in my other cent:
>  
> The Java Security Manager makes a lot of sense also on the server side when you are building component based software and want for instance to ensure that some components are eligible to access some data and others are not.
>  
> If you can ensure that most components are not able to access certain sensitive data then you can skip them in security audits and that’s a great win!
>  
> Java's visibility is not capable of handling this.

We are trying to make running under a security manager as easy as possible, just not by default.

Stuart

>  
> Kind regards,
> Robert
>  
> From: wildfly-dev-bounces at lists.jboss.org [mailto:wildfly-dev-bounces at lists.jboss.org] On Behalf Of Anil Saldhana
> Sent: Monday, April 21, 2014 8:29 PM
> To: wildfly-dev at lists.jboss.org
> Subject: Re: [wildfly-dev] my 2 cents on Security Manager discussion
>  
> On 04/19/2014 12:43 PM, arjan tijms wrote:
> Hi,
>  
> Just wondering, but what is the primary use case for a security manager server side?
>  
> While the model obviously makes sense for Applets and Webstart where untrusted code is executed on the user's machine, I found it to be extremely rare for a server to run untrusted code. In fact, I don't think I've ever seen this situation.
> I agree with what you are saying. Unfortunately there are a handful of users/developers/sys-admins who are required to run the JVM under the JSM. Might be corporate policy or compliance etc.
> Luckily they are a minority. They always pinpoint if there are any particular permissions failing under the JSM.
> 
> The JSM was really invented around the applet era and has really not seen any major adaptation/overhaul for the s/w industry growth.
> 
> 
>  
> There's maybe a case to prevent privilege escalation in case of a legitimate app being hacked, but in practice it doesn't look like a security manager is really being used a lot for that, is it? Instead the default thing to do there seems to be to run the AS under a user with limited rights on the host OS and/or use things like SELinux or Virtual Servers (e.g. XEN) to isolate the complete AS.
>  
> Kind regards,
> Arjan Tijms
>  
>  
>  
>  
> 
> On Sat, Apr 19, 2014 at 1:53 AM, Jason T. Greene <jgreene at redhat.com> wrote:
> 
> 
> 
> > On Apr 18, 2014, at 5:50 PM, Stuart Douglas <stuart.w.douglas at gmail.com> wrote:
> >
> >
> > Enabling the security manager by default is a terrible idea.
> 
> +1000