geronimo-dev mailing list archives

From David Blevins <david.blev...@visi.com>
Subject Re: Security stuff
Date Tue, 11 May 2004 11:36:55 GMT
On Tue, May 11, 2004 at 01:21:16PM +0200, hbaxmann wrote:
> > > 0. Take the security issue seriously with "class HelloWorld could not be
> > > loaded because of security exception" kind of art using the already existing
> > > java.security and java.policy thingy in conjunction with a signed
> > > org.apache.geronimo.system.main.Daemon geronimo-system-*.jar.
> > > 
> > 
> > We definitely have these thoughts on our radar and plan on being total
> > security nuts.  We'd even like to sign things like our own packaged
> > components which contain all the classes and configs of something
> > Geronimo loads into its container as an actual part of the system.
> > 
> 
> Mhhhm, there are well known J2EE implementations which are no longer able to
> introduce an AOP-proved security because the whole thing has to be
> "refactored": rewritten. Are there any standardization efforts in inventing
> or using an already existent _identification_mechanism_ for class _instances_ ?
> 
> Otherwise IMHO one will end up with a 'turn-one-key-open-all-doors' AOP
> crap.

You misunderstood.  The tidbit I just mentioned is an additional step for distribution security,
like PGP signing of tar.gz and zip files on the Apache download sites, not a replacement for
runtime security.  I was just concurring and adding that we are not 'one-key-opens-all-doors'
kind of thinkers.

Security should be a layered onion, not an Achilles heel.

-David
