geronimo-dev mailing list archives

From "Vamsavardhana Reddy" <c1vams...@gmail.com>
Subject GBean permissions: how important are they?
Date Fri, 08 Feb 2008 09:43:27 GMT
I have always felt that Geronimo won't be suitable for a hosting kind of
environment where applications owned by unrelated parties may be hosted on
the same server (does such a thing happen in reality?).  Irrespective of
this, GBean permissions appear to be something we can consider having.
The following is an excerpt from a private conversation I had with David
Jencks on IRC.  Read on...

*vamsic007:* The usability of Geronimo in a hosting kind of environment has
always bothered me.
*djencks  :* how?
*vamsic007:* Any application running in G can get hold of any other
application related GBeans and do whatever
*vamsic007:* Any app can stop any configuration it wishes to
*djencks  :* realistically does anyone run apps from unrelated people on the
same server?
*vamsic007:* won't that be the situation in a hosting environment?
*djencks  :* I don't know
*djencks  :* I would expect if I rent server space I'd probably get my own
vm
*djencks  :* but I'm not a hosting company
*vamsic007:* hmm...
*vamsic007:* will have to find out if my concern is genuine or I am worried
unnecessarily.
*vamsic007:* I always thought that we should have a mechanism to enforce
GBean permissions.
*djencks  :* I can see several places gbean permissions could work
*djencks  :* 1. getting gbean from kernel. This is pretty non-intrusive
*djencks  :* 2. actually calling operations/accessing attributes on a gbean.
I think this would require putting proxies back in
*djencks  :* there's also a bootstrap question of what enforces the
permissions until the jacc system is operational
*djencks  :* since e.g. datasources bound in jndi end up calling a gbean
operation to get the datasource, this would have a lot of intersection with
the normal server operations
*vamsic007:* Maybe I will initiate a discussion on this on
private@geronimo to get others' inputs too. I do not want to go on
dev-list coz it is related to security and do not want to make the
users feel insecure unnecessarily.
*djencks  :* I'd prefer to talk about it on dev, I think we could use all
the input we can get.
*vamsic007:* thanks David.

Comments?  Suggestions?  Am I worried unnecessarily?  Are GBean permissions
something that we should consider?

Thank you.

++Vamsi
