Return-Path: X-Original-To: apmail-jackrabbit-oak-dev-archive@minotaur.apache.org Delivered-To: apmail-jackrabbit-oak-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 61F3C988A for ; Wed, 13 Jun 2012 07:56:31 +0000 (UTC) Received: (qmail 88797 invoked by uid 500); 13 Jun 2012 07:56:31 -0000 Delivered-To: apmail-jackrabbit-oak-dev-archive@jackrabbit.apache.org Received: (qmail 88715 invoked by uid 500); 13 Jun 2012 07:56:31 -0000 Mailing-List: contact oak-dev-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: oak-dev@jackrabbit.apache.org Delivered-To: mailing list oak-dev@jackrabbit.apache.org Received: (qmail 88695 invoked by uid 99); 13 Jun 2012 07:56:30 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 13 Jun 2012 07:56:30 +0000 X-ASF-Spam-Status: No, hits=-1.6 required=5.0 tests=RCVD_IN_DNSWL_MED,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [64.18.1.189] (HELO exprod6og105.obsmtp.com) (64.18.1.189) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 13 Jun 2012 07:56:24 +0000 Received: from outbound-smtp-2.corp.adobe.com ([193.104.215.16]) by exprod6ob105.postini.com ([64.18.5.12]) with SMTP ID DSNKT9hHkicj8q5AB6NHRlVNKPqg/j8qIzFJ@postini.com; Wed, 13 Jun 2012 00:56:03 PDT Received: from inner-relay-1.corp.adobe.com (inner-relay-1.corp.adobe.com [153.32.1.51]) by outbound-smtp-2.corp.adobe.com (8.12.10/8.12.10) with ESMTP id q5D7u1X9013850 for ; Wed, 13 Jun 2012 00:56:01 -0700 (PDT) Received: from nacas02.corp.adobe.com (nacas02.corp.adobe.com [10.8.189.100]) by inner-relay-1.corp.adobe.com (8.12.10/8.12.10) with ESMTP id q5D7u0vm005234 for ; Wed, 13 Jun 2012 00:56:00 -0700 (PDT) Received: from eurhub01.eur.adobe.com (10.128.4.30) by nacas02.corp.adobe.com (10.8.189.100) with Microsoft SMTP Server (TLS) id 8.3.192.1; Wed, 13 Jun 2012 00:56:00 -0700 Received: from susi.local (10.136.131.146) by eurhub01.eur.adobe.com (10.128.4.111) with Microsoft SMTP Server id 8.3.192.1; Wed, 13 Jun 2012 08:55:58 +0100 Message-ID: <4FD8478E.8080204@apache.org> Date: Wed, 13 Jun 2012 08:55:58 +0100 From: =?ISO-8859-1?Q?Michael_D=FCrig?= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20120428 Thunderbird/12.0.1 MIME-Version: 1.0 To: Subject: Re: NodeDelegate leakage from NodeImpl References: In-Reply-To: Content-Type: text/plain; charset="ISO-8859-1"; format=flowed Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked by ClamAV on apache.org On 13.6.12 8:04, Thomas Mueller wrote: > Hi, > >> This defeats the original intent of the >> separation of NodeImpl and NodeDelegate (OAK-84) >> users should not be able to gain access to internals by hacking NodeImpl. > > > Hm, is this a security problem? Do we want to protect the data from users > of the JCR API? No, its about making it as difficult as possible to mess things up by using internals. I.e. its about avoiding the ((NodeImpl) node).messWithMe(); pattern. Michael > > Or do we want to protect the data within the Oak implementation (use a > better abstraction)? > >> But precisely this >> is now possible when a user put his code into the >> org.apache.jackrabbit.oak.jcr package. > > A attacker could always use reflection (setAccessible(true)). If we want > real protection, we would have to enforce using a SecurityManager. Then we > could seal the package [1] > > [1] http://docs.oracle.com/javase/tutorial/deployment/jar/sealman.html > > Regards, > Thomas > > > > > > > > On 6/7/12 1:07 PM, "Michael D�rig" wrote: > >> >> Hi, >> >> I noticed that since revision 1344662 NodeImpl has an (package private) >> accessor for NodeDelegate. This defeats the original intent of the >> separation of NodeImpl and NodeDelegate (OAK-84): users should not be >> able to gain access to internals by hacking NodeImpl. But precisely this >> is now possible when a user put his code into the >> org.apache.jackrabbit.oak.jcr package. >> >> Michael >> >> >