river-dev mailing list archives

From Peter Firmstone <j...@zeus.net.au>
Subject Simple security change - DownloadPermission
Date Sat, 28 Jan 2012 01:04:42 GMT
I've been thinking about the practicalities of a djinn running in 
untrusted networks (internet). The first thing that springs to mind is 
that security is much simpler if people can get away with only "dumb" or 
reflective proxies.

I'd like to see the default security setup requiring DownloadPermission.

If we sign our download jars (a number of developers could do this, 
requiring at least this group of signers), a standard policy file 
template could include a certificate grant for DownloadPermission, 
allowing anyone to load classes from a standard River download proxy.

This gets our smart proxies out of the way.

Then all developers need to worry about are Principals and 
MethodConstraints, allowing people to get started using River with 
reflective proxies over the internet.

Later, if people want to get into smart proxies, that power's still there; 
this change prevents unauthorised class loading.
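
An added example, not part of the original message or the River project's own files: a Java policy file fragment of the kind the proposal describes, granting DownloadPermission only to jars signed by a group of signers. The keystore URL and the signer aliases are placeholders assumed for illustration.

```java
// Java policy file fragment (constructed example, not a River-supplied template).
//
// DownloadPermission is only enforced when the JVM uses the provider that
// requires it, selected with the system property:
//   -Djava.rmi.server.RMIClassLoaderSpi=net.jini.loader.pref.RequireDlPermProvider
// With the default provider this grant has no effect and any codebase loads.

// Truststore holding the signers' certificates (placeholder URL).
keystore "file:/path/to/truststore.jks";

// A comma-separated signedBy list is an AND: the downloaded jar must carry
// a valid signature from every alias listed (placeholder aliases).
// No codeBase is given, so the grant follows the signatures, not the URL
// the jar was served from.
grant signedBy "signer-one,signer-two,signer-three" {
    permission net.jini.loader.DownloadPermission;
};

// No other grant mentions DownloadPermission, so unsigned jars, or jars
// signed by only some of the aliases above, are refused at class-loading time.
```

Keeping this grant limited to DownloadPermission means signed download code can be loaded but gains no further permissions from it.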
