geronimo-dev mailing list archives

From "Vamsavardhana Reddy" <c1vams...@gmail.com>
Subject Re: GBean permissions: how important are they?
Date Fri, 08 Feb 2008 09:57:56 GMT
Looks like there is also a JIRA
https://issues.apache.org/jira/browse/GERONIMO-1487 created a long time ago!!


On Feb 8, 2008 3:13 PM, Vamsavardhana Reddy <c1vamsi1c@gmail.com> wrote:

> I have always felt that Geronimo won't be suitable for a hosting kind of
> environment where applications owned by unrelated parties may be hosted on
> the same server (does such a thing happen in reality?).  Irrespective of
> this, GBean permissions appear to be something we can consider having.
> The following is an excerpt from a private conversation I had with David
> Jencks on IRC.  Read on...
>
> *vamsic007:* The usability of Geronimo in a hosting kind of environment
> has always bothered me.
> *djencks  :* how?
> *vamsic007:* Any application running in G can get hold of any other
> application related GBeans and do whatever
> *vamsic007:* Any app can stop any configuration it wishes to
> *djencks  :* realistically does anyone run apps from unrelated people on
> the same server?
> *vamsic007:* won't that be the situation in a hosting environment?
> *djencks  :* I don't know
> *djencks  :* I would expect if I rent server space I'd probably get my own
> vm
> *djencks  :* but I'm not a hosting company
> *vamsic007:* hmm...
> *vamsic007:* will have to find out if my concern is genuine or I am
> worried unnecessarily.
> *vamsic007:* I always thought that we should have a mechanism to enforce
> GBean permissions.
> *djencks  :* I can see several places gbean permissions could work
> *djencks  :* 1. getting gbean from kernel. This is pretty non-intrusive
> *djencks  :* 2. actually calling operations/accessing attributes on a
> gbean. I think this would require putting proxies back in
> *djencks  :* there's also a bootstrap question of what enforces the
> permissions until the jacc system is operational
> *djencks  :* since e.g. datasources bound in jndi end up calling a gbean
> operation to get the datasource, this would have a lot of intersection with
> the normal server operations
> *vamsic007:* Maybe I will initiate a discussion on this on
> private@geronimo to get others' inputs too. I do not want to go on dev-list
> coz it is related to security and do not want to make the users feel
> insecure unnecessarily.
> *djencks  :* I'd prefer to talk about it on dev, I think we could use all
> the input we can get.
> *vamsic007:* thanks David.
>
> Comments?  Suggestions?  Am I worried unnecessarily?  Are GBean
> permissions something that we should consider?
>
> Thank you.
>
> ++Vamsi
>
>
