river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Firmstone <j...@zeus.net.au>
Subject Re: servlet based JERI
Date Sun, 14 Feb 2010 22:24:12 GMT
I guess it could be designed in by noting what permissions are required 
in the source code. It is possible that the tool might miss a permission 
based on the execution path.  That's one thing I like about OSGi 
bundles, the author of the bundle specifies the permissions required to 
execute the code in the bundle.

The tool should be a good start.  Perhaps we might want to consider 
privileged code blocks, so the permissions aren't used for gaining 
access to anything else.  Just a thought.

If you come up with any thoughts or ideas, please let me know.



QCG - Sim IJskes wrote:
> Peter Firmstone wrote:
>> First use this tool to log the required set of permissions:
>> com.sun.jini.tool.DebugDynamicPolicyProvider
> I can do that, but shouldn't these be designed instead of measured?
> Gr. Sim

View raw message