On Mon, Aug 9, 2010 at 12:15 AM, Sumedha Rubasinghe <sume...@wso2.com> wrote:

> I think we need to have this type of security check in the unit tests that
> use CarbonContext. This is one place where malicious code can get into a
> running system.
>

The better way to implement security is to move externally accessible
classes to a package under external and expose only the external package.
This way people know it is going to be accessed by others and hence should
always follow the secure guidelines.

thanks,
Amila.


>
> /sumedha
>
>
>
> On Sun, Aug 8, 2010 at 5:59 PM, Sameera Jayasoma <same...@wso2.com> wrote:
>
>> +1. We've faced many security issues due to this exposure of internal
>> packages. One such good example is, never expose your BundleActivator. It
>> might be keeping references to your BundleContext and the BundleContext
>> should never be shared with any other bundle.
>>
>> Sameera
>>
>> On Fri, Aug 6, 2010 at 8:53 AM, Afkham Azeez <az...@wso2.com> wrote:
>>
>>> Folks,
>>> We haven't been paying proper attention to bundle internal vs. external
>>> classes. This is evident by the fact that most of our internal packages
>>> contain only a few classes. Most of the classes are related to the bundle's
>>> internal implementation and hence should not be exposed to outside bundles.
>>> In the future, please make it a point to place your bundle private classes
>>> within subpackages of the internal subpackage as shown in the example
>>> below.
>>>
>>>
>>> e.g. org.wso2.stratos.permission.update.internal.task.PermissionUpdaterTask
>>>
>>> If you look at most of our components, you will notice that a significant
>>> number of them should have only an internal package. Please follow this when
>>> developing bundles in the future & also feel free to fix this in existing
>>> bundles.
>>>
>>> Thanks
>>> --
>>> Afkham Azeez
>>> Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com,
>>> Lean . Enterprise . Middleware
>>> Member; Apache Software Foundation; http://www.apache.org/
>>> email: az...@wso2.com cell: +94 77 3320919
>>> blog: http://blog.afkham.org
>>> twitter: http://twitter.com/afkham_azeez
>>> linked-in: http://lk.linkedin.com/in/afkhamazeez
>>>
>>> _______________________________________________
>>> Carbon-dev mailing list
>>> Carbon-dev@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>
>>>
>>
>>
>> --
>> Sameera Jayasoma
>> Technical Lead
>> WSO2, Inc. (http://wso2.com)
>> email: same...@wso2.com
>> blog: http://tech.jayasoma.org
>>
>> Lean . Enterprise . Middleware
>>
>
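The kind of check asked for in this thread, as an added example that is not part of the original messages or of WSO2's code: a small Java check that parses a bundle's Export-Package header (including quoted parameters that contain commas) and reports any exported package with an `internal` segment. The class and method names and the sample manifest are assumptions constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.jar.Manifest;

// Hypothetical helper (not WSO2 code): flags exported packages under an "internal" segment.
public class InternalExportCheck {

    // Split an OSGi header on commas outside double quotes, so that a value
    // such as uses:="a,b" stays inside its own clause.
    static List<String> splitClauses(String header) {
        List<String> clauses = new ArrayList<>();
        StringBuilder cur = new StringBuilder();
        boolean quoted = false;
        for (char c : header.toCharArray()) {
            if (c == '"') quoted = !quoted;
            if (c == ',' && !quoted) { clauses.add(cur.toString().trim()); cur.setLength(0); }
            else cur.append(c);
        }
        if (cur.length() > 0) clauses.add(cur.toString().trim());
        return clauses;
    }

    static List<String> exportedInternalPackages(Manifest mf) {
        List<String> bad = new ArrayList<>();
        String header = mf.getMainAttributes().getValue("Export-Package");
        if (header == null) return bad;              // bundle exports nothing
        for (String clause : splitClauses(header)) {
            // A clause is pkg1;pkg2;attr=value;directive:=value
            for (String part : clause.split(";")) {
                String p = part.trim();
                if (p.contains("=")) break;          // parameters follow the package names
                if (("." + p + ".").contains(".internal.")) bad.add(p);
            }
        }
        return bad;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample manifest; the second export breaks the convention.
        String text = "Manifest-Version: 1.0\n"
            + "Export-Package: org.wso2.stratos.permission.update;version=\"1.0.0\";\n"
            + " uses:=\"org.osgi.framework,org.osgi.service.component\",\n"
            + " org.wso2.stratos.permission.update.internal.task\n";
        Manifest mf = new Manifest(new ByteArrayInputStream(text.getBytes(StandardCharsets.UTF_8)));
        List<String> bad = exportedInternalPackages(mf);
        System.out.println("Exported internal packages: " + bad);
        if (!bad.isEmpty()) System.exit(1);          // fail the build or test run
    }
}
```

Pointing `exportedInternalPackages` at each built bundle's `META-INF/MANIFEST.MF` from a unit test turns the packaging convention into something the build enforces.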
