geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Blevins <david.blev...@visi.com>
Subject Re: Security stuff
Date Tue, 11 May 2004 11:03:23 GMT
On Tue, May 11, 2004 at 10:44:30AM +0200, hbaxmann wrote:
> > > Obviously this is an integration point that will require 
> > code changes in Geronimo, Jetty, and OpenEJB.  We wouldn't be 
> > tied to each other specifically, but to the JAAS and JACC 
> > specs as required by J2ee 1.4
> > > 
> > > Anyone have any feedback on what it will take to get the 
> > following working?
> > > 
> 
> Just an idea:
> 
> 0. Take the security issue seriously with "class HelloWorld could not be
> loaded because of security exception" kind of art using the already existing
> java.security and java.policy thingy in conjuntion with a signed
> org.apache.geronimo.system.main.Daemon geronimo-system-*.jar.
> 

We definitely have these thoughts on our radar and plan on being total
security nuts.  We'd even like to sign things like our own packaged
components which contain all the classes and configs of something
Geronimo loads into its container as an actually part the system.

-David

Mime
View raw message