ant-dev mailing list archives

From co...@cortexebusiness.com.au
Subject Ant Security
Date Tue, 09 Jul 2002 12:25:16 GMT
I see a lot of discussion in the antlib/ant2 threads about automatic 
download of required jars. To me this raises some security concerns. It 
would be quite simple for this mechanism to be abused to load 
unauthorized code onto a user's machine. Already, today, the ability to 
<get> and <exec> exists. The addition of proxy capability will only make 
this easier.

I've started to address this in Mutant with a simple policy file. I did 
reorganize the directory structure to make it more convenient for 
specifying the policy permissions.

Anyway, I thought it was worth raising the issue now for discussion 
especially as the concept of an Ant1 antlib is again on the agenda.

Thoughts?

Conor
