geronimo-dev mailing list archives

From "Jarek Gawor" <jga...@gmail.com>
Subject Re: basic security review
Date Fri, 02 Nov 2007 21:18:31 GMT
Folks,

We added a bunch of tests in the last few days but we still need some
help identifying and reviewing the components. Please see the wiki
page (http://cwiki.apache.org/confluence/display/GMOxDEV/Security+Review)
for the latest updates.

Thanks,
Jarek

On 10/29/07, Jarek Gawor <jgawor@gmail.com> wrote:
> A few security problems were discovered in Geronimo in the last few
> months and weeks. Most of them were Geronimo-specific except one.
> Therefore, I think we should spend a little bit of our time to review
> our code and check for potential security problems.
> As the first step, I think we should identify components that make
> security decisions (e.g. LoginModules) or enable access to server
> management and control (e.g. MEJB) or any other components that might
> be important for server security.
> Once we have a few components identified we can start the review.
> Besides finding and fixing the potential security problems during the
> review we must also ensure that we have decent tests for these
> components that cover a range of inputs. For each problem that we do
> discover, we must write a test case to make sure it never happens
> again. Basically, a problem is not fully addressed until we have a
> test for it.
>
> For now, I created the following page where we can keep track of the
> components and the review:
> http://cwiki.apache.org/confluence/display/GMOxDEV/Security+Review
> Feel free to update it in any way.
>
> Opinions? Ideas? Thoughts?
>
> Jarek
>
