river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter <j...@zeus.net.au>
Subject Re: OSGi NP Complete Was: OSGi - deserialization remote invocation strategy
Date Tue, 14 Feb 2017 04:35:26 GMT
The certs aren't encoded in the codebase annotation, but sent in packets as strings and bytes
that are used to reconstruct the certificates during discovery.

The certs are also included in the jar file. If Download permission hasn't been granted, the
classes can't be defined.  DownloadPermission is incorrectly named, it should be called DefineClassPermission.

Regards,

Peter.

Sent from my Samsung device.
 
  Include original message
---- Original message ----
From: Michał Kłeczek <michal@kleczek.org>
Sent: 14/02/2017 01:45:43 am
To: dev@river.apache.org
Subject: Re: OSGi NP Complete Was: OSGi - deserialization remote invocation strategy

Peter wrote: 
> The codebase is signed and download permission is granted only to the signed codebase.

What is "signed codebase"? How do you encode the signature in the  
codebase annotation? 

Codebase of what service? 
All of them? 

Thanks, 
Michal 

> 
> 
> Sent from my Samsung device. 
>    
>    Include original message 
> ---- Original message ---- 
> From: Michał Kłeczek<michal@kleczek.org> 
> Sent: 14/02/2017 01:27:09 am 
> To: dev@river.apache.org 
> Subject: Re: OSGi NP Complete Was: OSGi - deserialization remote invocation strategy

> 
> See below. 
> 
> Peter wrote: 
>>   Using one of the secure discovery providers with authentication and input validation.  Download and deserialization permissions are granted dynamically just after authentication, but before download.

> But now you just moved trust decisions to SafeServiceRegistrar  
> implementation. 
> It is even worse than with "CodeDownloadingSmartProxyWrapper" because 
> SafeServiceRegistrar implementation classes are dynamically downloaded 
> while the CodeDownloadingSmartProxyWrapper class is local. 
> 
> Thanks, 
> Michal 
> 
> 



Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message