incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Janne Jalkanen <Janne.Jalka...@ecyrd.com>
Subject Re: auth problems with Oracle AS
Date Wed, 21 Nov 2007 22:10:51 GMT
> Janne, if you want, I can dust off Kissinger (har har) and see  
> what's required to get it working.

I have to admit that this joke goes way over my head.  I seem to  
recall that Monty Python had a song about a Henry Kissinger...

> In the meantime, the best thing to do is start looking for code  
> that calls methods that require privilege checks (notably file  
> access, serialization, system properties, SQL, reflection) and put  
> doPrivileged() blocks around them. The list of methods that require  
> permissions are here:

Taking a quick look at Stripes (reflection) and Hibernate (SQL),  
neither of them have doPrivileged() blocks anywhere in the code.   
Does it mean that nobody can use them in standard J2EE containers?   
I'd wager not.

Also, don't we have to give the same permissions to *all* of the sub- 
libraries?  Wouldn't it effectively nullify any benefit from security  
of the internal app, if it can access anything through external  
libraries?

/Janne

Mime
View raw message