tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shapira, Yoav" <>
Subject RE: Tomcat + Hibernate2 + Security Manager
Date Tue, 27 Jan 2004 17:04:21 GMT


>I know this is a little bit out of topic, but the general concept is
>for everybody.

I agree this is useful for everyone.  Posting off-topic is fine as long
as you mark it by placing [OFF-TOPIC] at the beginning of the subject

>Note: I DID test using a codebase like:
>grant codeBase "file:/home//client/public_html/WEB-
>INF/lib/hibernate2.jar!/-" {
>but the classes hibernate creates after reflection stop obeying the
>security manager.

Yeah, that's too bad.  The SuppressAccessChecks permission is dangerous,
if malicious code is running inside your VM.

Yoav Shapira

This e-mail, including any attachments, is a confidential business communication, and may
contain information that is confidential, proprietary and/or privileged.  This e-mail is intended
only for the individual(s) to whom it is addressed, and may not be saved, copied, printed,
disclosed or used by anyone else.  If you are not the(an) intended recipient, please immediately
delete this e-mail from your computer system and notify the sender.  Thank you.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message