river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gregg Wonderly <gr...@wonderly.org>
Subject Re: Split JavaSpaces and JINI
Date Thu, 11 Dec 2008 23:33:42 GMT
Wade Chandler wrote:
> ----- Original Message ----
>> From: Gregg Wonderly <gergg@cox.net>
>> To: river-dev@incubator.apache.org
>> Sent: Thursday, December 11, 2008 11:36:55 AM
>> Subject: Re: Split JavaSpaces and JINI
>> Wade Chandler wrote:
>>>  Does anyone else have a site they are able to write articles?
>> We can put anything we want on jini.dev.java.net, and jini.org.
>> What target audience are you thinking of?
> Well, from my perspective it would be different targets. Web service
> discovery, database server discovery, login servers, ldap, etc through
> Jini to make enterprise desktop applications discover resources in the
> intranet etc. Different ways to work with NetBeans and use Jini. All
> kinds of things really. I'm thinking that is part of Jinis problem.

Well one issue with netbeans is the fact that it doesn't have a real 
SecurityManager implementation.  It's not pluggable either.  That means that if 
I put together a Jini module for netbeans, and it has discovery and code 
download in it, I am opening the users to viral services.  That door has to be 
closed.  I brought it up more than a year ago.  I haven't had any chance to work 
on this issue with the dev team, other than some discussion that melted away.

For Java mobile code, the SecurityManager is the key issue!  We have to figure 
out how to simplify this to a non-threat, up front, or it will be a constant 
point of frustration.  Running all the services in one JVM with the users code, 
and no network access is one way to create an IDE development environment.  But 
that supposes that the user will never want to test their service/client with 
something elsewhere on the network.

When they go from no-network to on-the-network, how will we make sure we don't 
open them to all sorts of problems?  There would need to be some kind of wizard 
that said "here's the lookup groups that are active, which to you want to use".

Then, it might provide some ability to select a service by type etc.

But, for all of this to really work safely, we have to have a "no-live-object" 
lookup...As I described in my previous email a few weeks ago...

Gregg Wonderly

View raw message