I think we need to have this type of security check in the unit tests that
use CarbonContext. This is one place where malicious code can get into a
running system.

/sumedha


On Sun, Aug 8, 2010 at 5:59 PM, Sameera Jayasoma <same...@wso2.com> wrote:

> +1. We've faced many security issues, due to this exposure of internal
> packages. One such good example is, never expose your BundleActivator. It
> might be keeping references to your BundleContext and the BundleContext
> should never be shared with any other bundle.
>
> Sameera
>
> On Fri, Aug 6, 2010 at 8:53 AM, Afkham Azeez <az...@wso2.com> wrote:
>
>> Folks,
>> We haven't been paying proper attention to bundle internal vs. external
>> classes. This is evident by the fact that most of our internal packages
>> contain only a few classes. Most of the classes are related to the bundle's
>> internal implementation and hence should not be exposed to outside bundles.
>> In the future, please make it a point to place your bundle private classes
>> within subpackages of the internal subpackage as shown in the example
>> below.
>>
>>
>> e.g. org.wso2.stratos.permission.update.internal.task.PermissionUpdaterTask
>>
>> If you look at most of our components, you will notice that a significant
>> number of them should have only an internal package. Please follow this when
>> developing bundles in the future & also feel free to fix this in existing
>> bundles.
>>
>> Thanks
>> --
>> Afkham Azeez
>> Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com,
>> Lean . Enterprise . Middleware
>> Member; Apache Software Foundation; http://www.apache.org/
>> email: az...@wso2.com cell: +94 77 3320919
>> blog: http://blog.afkham.org
>> twitter: http://twitter.com/afkham_azeez
>> linked-in: http://lk.linkedin.com/in/afkhamazeez
>>
>> _______________________________________________
>> Carbon-dev mailing list
>> Carbon-dev@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>
>>
>
>
> --
> Sameera Jayasoma
> Technical Lead
> WSO2, Inc. (http://wso2.com)
> email: same...@wso2.com
> blog: http://tech.jayasoma.org
>
> Lean . Enterprise . Middleware
>
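One way to turn the convention discussed in this thread into an automated check, as an added example that is not code from the thread or from WSO2: it reads a bundle manifest and reports exported packages that contain an `internal` segment or that hold the `Bundle-Activator` class. The class name `ExportedInternalsCheck`, the activator `UpdateActivator`, the `.api` package and the sample manifest are hypothetical and constructed for illustration; treating the activator's package as private is this example's reading of the advice above.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.jar.Manifest;

public class ExportedInternalsCheck {
    // Constructed sample manifest; the activator class and .api package are hypothetical.
    static final String SAMPLE =
        "Manifest-Version: 1.0\n"
      + "Bundle-Activator: org.wso2.stratos.permission.update.UpdateActivator\n"
      + "Export-Package: org.wso2.stratos.permission.update;version=\"1.0.0\",\n"
      + " org.wso2.stratos.permission.update.api;uses:=\"org.osgi.framework,\n"
      + " org.osgi.util.tracker\",\n"
      + " org.wso2.stratos.permission.update.internal.task\n";

    // Split on sep only outside double quotes, so uses:="a,b" stays in one piece.
    static List<String> split(String s, char sep) {
        List<String> out = new ArrayList<>();
        StringBuilder cur = new StringBuilder();
        boolean quoted = false;
        for (char c : s.toCharArray()) {
            if (c == '"') quoted = !quoted;
            if (c == sep && !quoted) { out.add(cur.toString()); cur.setLength(0); }
            else cur.append(c);
        }
        out.add(cur.toString());
        return out;
    }

    // Exported packages that should be private: "internal" segment or activator's package.
    static List<String> violations(Manifest mf) {
        String exports = mf.getMainAttributes().getValue("Export-Package");
        String act = mf.getMainAttributes().getValue("Bundle-Activator");
        String actPkg = act == null || act.indexOf('.') < 0
                ? null : act.trim().substring(0, act.trim().lastIndexOf('.'));
        List<String> bad = new ArrayList<>();
        if (exports == null) return bad;
        for (String clause : split(exports, ','))
            for (String part : split(clause, ';')) {
                String p = part.trim();
                if (p.isEmpty() || p.contains("=")) continue; // attribute or directive
                if (("." + p + ".").contains(".internal.") || p.equals(actPkg)) bad.add(p);
            }
        return bad;
    }

    public static void main(String[] args) throws Exception {
        Manifest mf = new Manifest(new ByteArrayInputStream(SAMPLE.getBytes(StandardCharsets.UTF_8)));
        System.out.println("Exported but should be private: " + violations(mf));
    }
}
```

In a unit test, the same `violations` method can be fed the bundle's real `META-INF/MANIFEST.MF` and asserted to return an empty list.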
