river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter <j...@zeus.net.au>
Subject Re: another interesting link
Date Tue, 26 Jul 2016 01:58:01 GMT
Note the comment about security on the blog?

Steps I've taken to simplify security (that could also be adopted by river):
1. Deprecate proxy trust, replace with authenticate service prior to obtaining proxy.
2. proxy codebase jars contain a list of requested permissions to be granted to the jar signer
and url (client need not know in advance).
3. Policy file generation, least privilege principles (need to set up command line based output
for admin verification of each permission during policy generation).
4 Input validation for serialization.
5. DownloadPermission automatically granted to authenticated registrars (to signer and url,
very specific) during multicast discovery.

Need to more work around simplification of certificate management.


Sent from my Samsung device.
  Include original message
---- Original message ----
From: Peter <jini@zeus.net.au>
Sent: 26/07/2016 10:27:59 am
To: dev@river.apache.org <dev@river.apache.org>
Subject: another interesting link


Sent from my Samsung device.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message