geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Max Kington" <max.king...@flytxt.com>
Subject RE: Security stuff
Date Tue, 11 May 2004 11:40:01 GMT


-----Original Message-----
From: David Blevins [mailto:david.blevins@visi.com]
Sent: 11 May 2004 12:37
To: geronimo-dev@incubator.apache.org
Subject: Re: Security stuff


On Tue, May 11, 2004 at 01:21:16PM +0200, hbaxmann wrote:
> > > 0. Take the security issue seriously with "class HelloWorld
> > could not be
> > > loaded because of security exception" kind of art using the
> > already existing
> > > java.security and java.policy thingy in conjuntion with a signed
> > > org.apache.geronimo.system.main.Daemon geronimo-system-*.jar.
> > >
> >
> > We definitely have these thoughts on our radar and plan on being total
> > security nuts.  We'd even like to sign things like our own packaged
> > components which contain all the classes and configs of something
> > Geronimo loads into its container as an actually part the system.
> >
>
> Mhhhm, there are well known J2EE implementations which are able no more to
> introduce a AOP-proved security because the whole thing has to be
> "refactored": rewritten. Are there any standardization efforts in
inventing
> or using a already existent _idenfication_mechanism_ for class _instances_
?
>
> Otherwise IMHO one will end up with a 'turn-one-key-open-all-doors' AOP
> crap.

> > >You missunderstood.  The tidbit I just mentioned is an additional step
for distrobution security, like PGP signing of tar.gz and zip files on the
Apache > > >download sites, not a replacement for runtime security.  I was
just concurring and adding that we are not 'one-key-opens-all-doors' kind of
thinkers.

> > >Security should be a layered onion, not an achilles heal.
Yes, but at the same time it should be easy to use and configure, added
complexity leads to mistakes
when people have to configure around your protocols, the onion shouldn't
make you cry :-)

Max

> > >-David


Mime
View raw message