river-dev mailing list archives

From Sim IJskes - QCG <...@qcg.nl>
Subject Re: Towards Internet Jini Services (trust)
Date Mon, 04 Oct 2010 10:37:15 GMT
On 10/01/2010 03:00 PM, Michal Kleczek wrote:
> 3. I agree with Tom that making sure the code comes from a known source is
> enough to make a decision whether to run this code or not. But Jini already
> checks that (well... almost)- the only hole is that the check is done _after_
> deserialization - so it means the code was executed _before_ the check was
> done. My question actually is - why don't we check an object before it is
> deserialized?

A possible solution might be to enforce code download to use TLS and
verify if the other side's certificate matches the downloader's trustlist.
We can extend this by enforcing the downloaded jars/classes to be
signed with a similar certificate.

A "once bitten measure" could be, if a server violates this rule, it
will automatically be taken off the trustlist.

Gr. Sim
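
The signed-jar check and the "once bitten" rule proposed in this message, as an added Java example (not code from the message or from the River project). The class name, the host-keyed trust list and the set of trusted signer certificates are assumptions; the host string is assumed to have been authenticated already by the TLS download step.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Path;
import java.security.CodeSigner;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/** Hypothetical helper: vet a downloaded jar before any class in it is defined or deserialized. */
public final class SignedCodebaseCheck {
    // Assumed trust list of codebase hosts; mutable so a violating server can be dropped.
    private final Set<String> trustedHosts = ConcurrentHashMap.newKeySet();
    private final Set<Certificate> trustedSigners;

    public SignedCodebaseCheck(Set<String> hosts, Set<Certificate> signers) {
        trustedHosts.addAll(hosts);
        trustedSigners = Set.copyOf(signers);
    }

    /** True only if the host is still trusted and every entry carries a trusted signature. */
    public boolean accept(String host, Path jar) {
        if (!trustedHosts.contains(host)) return false;
        boolean ok;
        try { ok = everyEntrySigned(jar); }
        catch (IOException | SecurityException e) { ok = false; } // SecurityException: digest mismatch
        if (!ok) trustedHosts.remove(host); // "once bitten": the server leaves the trust list
        return ok;
    }

    private boolean everyEntrySigned(Path jar) throws IOException {
        try (JarFile jf = new JarFile(jar.toFile(), true)) { // true = verify signatures while reading
            byte[] buf = new byte[8192];
            for (Enumeration<JarEntry> e = jf.entries(); e.hasMoreElements();) {
                JarEntry entry = e.nextElement();
                // Only the manifest and signature files are exempt; any other unsigned entry fails.
                if (entry.isDirectory() || entry.getName()
                        .matches("(?i)META-INF/(MANIFEST\\.MF|[^/]+\\.(SF|RSA|DSA|EC))")) continue;
                try (InputStream in = jf.getInputStream(entry)) {
                    while (in.read(buf) != -1) { } // signers are populated only after a full read
                }
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null || Arrays.stream(signers).noneMatch(s -> trustedSigners
                        .contains(s.getSignerCertPath().getCertificates().get(0)))) return false;
            }
            return true;
        }
    }
}
```

Calling `accept` on the downloaded file before handing the jar to a class loader moves the trust decision ahead of deserialization, which is the ordering asked for in the quoted question.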
