river-dev mailing list archives

From Dennis Reedy <dennis.re...@gmail.com>
Subject Re: Towards Internet Jini Services (trust)
Date Tue, 05 Oct 2010 13:48:33 GMT

On Oct 5, 2010, at 727AM, Sim IJskes - QCG wrote:

> On 10/05/2010 01:07 PM, Peter Firmstone wrote:
>> Yes I think Sim is talking about making trust decisions and Michal and I
>> are talking about the handshake, we need both, I don't think we're
>> having an issue of agreement, just understanding.
> 
> No, I'm talking about both.
> 
> Before you can unmarshall, you need code. This code is loaded by a classloader. The ONLY
> place where we can check code, is this classloader.

Just curious here, what if the decision was that you can only load classes locally? That in
order to get your classes you had to first download the jars from a (trusted) server (perhaps
even prompting the user to accept the download?). You would verify the authenticity of those
jars before creating a classloader to load the required classes. If you already have the jars
(locally) necessary, why download them again? 

Consider you already have the service's interface (and any other supporting classes) in your
classpath to begin with (which is loaded locally), why not provision the remote service's
proxy jars first before connecting to the service? Appropriate handshaking happens to connect
to the remote service of course, but do you take the dynamic insecure class loading out of
the equation this way?

Dennis
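
The approach raised in this message (verify the authenticity of locally provisioned jars before creating a classloader for them), sketched as an added example that is not part of the original message and is not Apache River code. `VerifiedJarLoader` and the `pinned` set of signer certificates are hypothetical names; the sketch assumes the proxy jars are signed with `jarsigner` and that the client already holds the signer certificates it trusts.

```java
import java.io.InputStream;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.file.Path;
import java.security.CodeSigner;
import java.security.cert.Certificate;
import java.util.Enumeration;
import java.util.Locale;
import java.util.Set;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public final class VerifiedJarLoader {   // hypothetical name, not a River class
    /** Returns a loader for jarPath only if every entry is signed by a pinned signer certificate. */
    public static ClassLoader load(Path jarPath, Set<Certificate> pinned, ClassLoader parent)
            throws Exception {
        try (JarFile jar = new JarFile(jarPath.toFile(), true)) {   // true = verify signatures
            byte[] buf = new byte[8192];
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry e = entries.nextElement();
                if (e.isDirectory() || isSignatureMetadata(e.getName())) continue;
                // Digests are checked only when an entry is read to the end; a modified
                // entry makes the read throw SecurityException.
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                CodeSigner[] signers = e.getCodeSigners();   // null when the entry is unsigned
                if (signers == null || !anyPinned(signers, pinned))
                    throw new SecurityException("unsigned or untrusted entry: " + e.getName());
            }
        }
        // Assumption: jarPath is in a directory only this client can write to, so the file
        // cannot be swapped between the check above and the loader opening it.
        return new URLClassLoader(new URL[] { jarPath.toUri().toURL() }, parent);
    }

    private static boolean anyPinned(CodeSigner[] signers, Set<Certificate> pinned) {
        for (CodeSigner s : signers)   // first certificate in the path is the signer's own
            if (pinned.contains(s.getSignerCertPath().getCertificates().get(0))) return true;
        return false;
    }
    private static boolean isSignatureMetadata(String name) {
        String n = name.toUpperCase(Locale.ROOT);
        if (!n.startsWith("META-INF/") || n.indexOf('/', 9) != -1) return false;
        return n.equals("META-INF/MANIFEST.MF") || n.endsWith(".SF") || n.endsWith(".RSA")
            || n.endsWith(".DSA") || n.endsWith(".EC") || n.startsWith("META-INF/SIG-");
    }
}
```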