tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mike Curwen" <mi...@gb-im.com>
Subject RE: Tomcat + Hibernate2 + Security Manager
Date Tue, 27 Jan 2004 18:04:49 GMT
FYI: This has also been discussed here:
http://freeroller.net/page/jcarreira/20040126

> -----Original Message-----
> From: Shapira, Yoav [mailto:Yoav.Shapira@mpi.com] 
> Sent: Tuesday, January 27, 2004 11:04 AM
> To: Tomcat Users List
> Subject: RE: Tomcat + Hibernate2 + Security Manager
> 
> 
> 
> Howdy,
> 
> >I know this is a little bit out of topic, but the general concept is
> useful
> >for everybody.
> 
> I agree this is useful for everyone.  Posting off-topic is 
> fine as long as you mark it by placing [OFF-TOPIC] at the 
> beginning of the subject line.
> 
> >Note: I DID test using a codebase like:
> >
> >grant codeBase "file:/home//client/public_html/WEB-
> >INF/lib/hibernate2.jar!/-" {
> >....
> >
> >but the classes hibernate creates after reflection stop obeying the 
> >security manager.
> 
> Yeah, that's too bad.  The SuppressAccessChecks permission is 
> dangerous, if malicious code is running inside your VM.
> 
> Yoav Shapira
> 
> 
> 
> This e-mail, including any attachments, is a confidential 
> business communication, and may contain information that is 
> confidential, proprietary and/or privileged.  This e-mail is 
> intended only for the individual(s) to whom it is addressed, 
> and may not be saved, copied, printed, disclosed or used by 
> anyone else.  If you are not the(an) intended recipient, 
> please immediately delete this e-mail from your computer 
> system and notify the sender.  Thank you.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message