geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "hbaxmann" <hol...@bitwind.org>
Subject AW: Security stuff
Date Tue, 11 May 2004 12:34:04 GMT
> On Tue, May 11, 2004 at 01:21:16PM +0200, hbaxmann wrote:
> > > > 0. Take the security issue seriously with "class HelloWorld 
> > > could not be
> > > > loaded because of security exception" kind of art using the 
> > > already existing
> > > > java.security and java.policy thingy in conjuntion with a signed
> > > > org.apache.geronimo.system.main.Daemon geronimo-system-*.jar.
> > > > 
> > > 
> > > We definitely have these thoughts on our radar and plan 
> on being total
> > > security nuts.  We'd even like to sign things like our 
> own packaged
> > > components which contain all the classes and configs of something
> > > Geronimo loads into its container as an actually part the system.
> > > 
> > 
> > Mhhhm, there are well known J2EE implementations which are 
> able no more to
> > introduce a AOP-proved security because the whole thing has to be
> > "refactored": rewritten. Are there any standardization 
> efforts in inventing
> > or using a already existent _idenfication_mechanism_ for 
> class _instances_ ?
> > 
> > Otherwise IMHO one will end up with a 
> 'turn-one-key-open-all-doors' AOP
> > crap.
> 
> You missunderstood.  The tidbit I just mentioned is an 
> additional step for distrobution security, like PGP signing 
> of tar.gz and zip files on the Apache download sites, not a 
> replacement for runtime security.

Uhu, now I understoud. But regarding the runtime security: it doesn't exist
at all in the default config of the JVM, does she? Agreed?
  
> I was just concurring and 
> adding that we are not 'one-key-opens-all-doors' kind of thinkers.

That's why im posting here.
Please accept my apologies. This is caused by a misunderstanding on my side,
sorry for my bad english writing and reading and understanding - I never
ever thought of something near this about you. 

> Security should be a layered onion, not an achilles heal.

Yeap, my questions are about the most inner skin of the onion.

bax


Mime
View raw message