geronimo-dev mailing list archives

From "David Jencks (JIRA)" <>
Subject [jira] Closed: (GERONIMO-643) transport guarantees on UDP not always enforced (at least w/jetty)
Date Tue, 17 May 2005 23:55:23 GMT
David Jencks closed GERONIMO-643:

    Resolution: Fixed

After studying this some more I'm fairly sure it is fixed.

> transport guarantees on UDP not always enforced (at least w/jetty)
> ------------------------------------------------------------------
>          Key: GERONIMO-643
>          URL:
>      Project: Geronimo
>         Type: Bug
>   Components: security
>     Versions: 1.0-M3
>     Reporter: David Jencks
>     Assignee: David Jencks

> The UserDataPermission for a request on an unprotected socket is constructed erroneously with a transport guarantee of "N/A" rather than "NONE" (0 rather than 3). As a result, the UDP permission checks succeed rather than fail if URL pattern and method match.
> I believe but have not checked that this results in insecure access to resources that are supposed to be under a transport guarantee only for unchecked resources. I believe that resources associated with a role have the transport guarantee at least partially enforced by the login mechanism.
> I have not looked into what the Tomcat integration does in this situation.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:
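
The failure mode the report describes, as an added Java sketch that is not Geronimo's code and not part of the original message: a request permission carrying the placeholder transport value passes a subset-style check that the correct "NONE" value fails. The values 0 ("N/A") and 3 ("NONE") come from the report; the INTEGRAL and CONFIDENTIAL codes, the class and method names, and the comparison logic are assumptions made for illustration.

```java
// Added illustration, not Geronimo source. 0 ("N/A") and 3 ("NONE") are the
// values quoted in the report; everything else here is an assumed model.
public class TransportGuaranteeDemo {
    static final int NA = 0;            // placeholder value, from the report
    static final int INTEGRAL = 1;      // assumed encoding
    static final int CONFIDENTIAL = 2;  // assumed encoding
    static final int NONE = 3;          // unprotected connection, from the report

    // Assumed subset-style comparison: every bit carried by the request
    // permission must also be present in the permission held by the policy.
    static boolean transportImplied(int granted, int requested) {
        return (granted & requested) == requested;
    }

    // Hardened variant: a request permission must carry a concrete transport
    // value, so the placeholder is rejected instead of matching everything.
    static boolean transportImpliedStrict(int granted, int requested) {
        if (requested == NA) {
            throw new IllegalArgumentException(
                "request permission has no transport value");
        }
        return (granted & requested) == requested;
    }

    public static void main(String[] args) {
        int policy = CONFIDENTIAL; // resource declared with a CONFIDENTIAL guarantee

        // Plain-HTTP request encoded correctly as NONE: the check fails, as intended.
        System.out.println("NONE request implied: "
            + transportImplied(policy, NONE));          // false
        // Same request encoded as N/A: no bits to compare, so the check passes.
        System.out.println("N/A request implied:  "
            + transportImplied(policy, NA));            // true
        // Request on a confidential connection: passes in both variants.
        System.out.println("CONFIDENTIAL implied: "
            + transportImpliedStrict(policy, CONFIDENTIAL)); // true

        try {
            transportImpliedStrict(policy, NA);
        } catch (IllegalArgumentException e) {
            System.out.println("strict check rejected N/A: " + e.getMessage());
        }
    }
}
```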