directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Noel J. Bergman" <>
Subject RE: Access to LdapPrincipal constructor
Date Mon, 02 May 2005 15:16:40 GMT
Niclas Hedhman wrote:

> Protecting fields, methods and constructors is no real protection at
> all, unless combined with proper security policies and the use of
> AccessController.doPriviliged().

This is not necessarily an issue for the core code, although it could be if
we want to provide maximum control to administrators, but should be applied
to all pluggable code.

> If no such thoughts has been spent on the subject, perhaps it is soon
> time to start a security review of the entire system.

Do you want to make that review a project for yourself?

	--- Noel

View raw message