devicemap-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Werner Keil (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DMAP-54) Improve Console example
Date Sat, 03 Jan 2015 12:57:34 GMT

    [ https://issues.apache.org/jira/browse/DMAP-54?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14263523#comment-14263523
] 

Werner Keil commented on DMAP-54:
---------------------------------

Please note, there is a rift between "Console example", which this ticket is actually about
and classifier.Main class which your diff file tells is about.

There is one of 5 examples I also demonstrated at selected events 
 org.apache.devicemap.example.console.Example which I made usable based on an early draft
(see related ticket) 

However, there is also the classifier.Main class. IMHO mixing these 2 in a single (monolithic)
project is another short-sighted hack. The client should not necessarily expose a "command
line console" at least not in the same JAR, since it'll always be inseparable and nothing
prevents either a legitimate user or hacker who gained access to a server from using this
command line client within the library JAR. There are numerous large companies, especially
banks, etc. where this is an absolute NO-GO, while a separate JAR (doesn't have to be called
"example") would be fine. Even if access to the resource files may be read only as it's currently
the case with DeviceMap, a hacker or malware could still run DOS attacks by executing batch
scripts with millions of UAs against this tool, while inside proper containers their security
managers usually prevent this. All of these so called "Java viruses" affected SE and parts
that run standalone or at least via Applet. 

So aside from poor design by putting everything into a single JAR and module it poses a security
loophole.
Beside this security aspect, do you plan to maintain a command line and command line example
separately if they not only access the same client JAR but do pretty much the same thing?

> Improve Console example
> -----------------------
>
>                 Key: DMAP-54
>                 URL: https://issues.apache.org/jira/browse/DMAP-54
>             Project: DeviceMap
>          Issue Type: Task
>          Components: Java Client, Java Examples
>            Reporter: Werner Keil
>            Assignee: Werner Keil
>              Labels: console, example
>             Fix For: 1.0.0 Java Examples
>
>         Attachments: cmd.diff
>
>
> Pass UA parameter to override the default if provided



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message