On Thu, Sep 20, 2012 at 12:52 AM, Chris wrote:
> So ... a client wants to know just how risky it is to temporarily
> allow java.security.AllPermission ?

I presume this is a followup to your Weblogic / RMI problem?

> It's clear it's not good, but how bad is it? What exactly could
> someone do to a server that's behind firewalls and load balancers?

Probably it is inconsequential in the big picture. As always there is a layered security model. The access of the server running CF to other systems is limited by firewalls. The access of the JVM instance to the server is limited by the Windows account. The access of CF to the JVM instance is limited by the java.security.* security permissions.

What I presume is happening is that by default CF runs with java.security.AllPermission already. (Have a look at the security policy in /WEB-INF/cfusion/lib/coldfusion.policy and /WEB-INF/cfusion/lib/neo_jaas.policy to see what CF ships with.) Then when some Weblogic RMI call is run, some other security policy that is much more restricted is loaded, causing CF to fail. The new configuration would overrule that security policy and restore the original security from CF.

If this presumption is right, you can tell them that from a CF perspective you are just restoring the original configuration. The only additional risk is not CF, but the Weblogic RMI running with additional privileges.

Jochem

--
Jochem van Dieten
http://jochem.vandieten.net/

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352696
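
One way to carry out the "have a look at the security policy" step above (an added example, not part of the original message and not ColdFusion or WebLogic code): a small Python audit that lists every grant entry in a Java policy file that contains java.security.AllPermission and whether that entry is scoped by a codeBase/signedBy header. The sample policy text is constructed, the names `audit` and `strip_comments` are hypothetical, and the regex parsing assumes no `};` inside a quoted string.

```python
import re

# Constructed sample in Java policy-file syntax; NOT the contents of any
# real coldfusion.policy or neo_jaas.policy.
SAMPLE_POLICY = r'''
// constructed example
grant codeBase "file:/opt/example/lib/-" {
    permission java.security.AllPermission;
};
grant {
    permission java.util.PropertyPermission "user.dir", "read";
    // permission java.security.AllPermission;
};
/* grant {
    permission java.security.AllPermission;
}; */
grant signedBy "example", codeBase "file:/opt/example/rmi/-" {
    permission java.net.SocketPermission "localhost:1024-", "connect";
};
grant {
    permission java.security.AllPermission;
};
'''

# A quoted string, a block comment, or a line comment (in that priority).
TOKEN_RE = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*', re.S)
GRANT_RE = re.compile(r'\bgrant\b([^{]*)\{(.*?)\}\s*;', re.S | re.I)
ALLPERM_RE = re.compile(r'\b(?i:permission)\s+java\.security\.AllPermission\b')

def strip_comments(text):
    # Keep quoted strings intact (a codeBase URL may contain "//"),
    # replace comments with a space so commented-out grants are ignored.
    return TOKEN_RE.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else ' ', text)

def audit(policy_text):
    """Return (scope, header) for each grant entry that gives AllPermission."""
    findings = []
    for header, body in GRANT_RE.findall(strip_comments(policy_text)):
        if not ALLPERM_RE.search(body):
            continue
        header = header.strip()
        # An empty header means no codeBase/signedBy restriction at all.
        findings.append(("scoped" if header else "unscoped", header))
    return findings

if __name__ == "__main__":
    for scope, header in audit(SAMPLE_POLICY):
        print(f"AllPermission [{scope}] {header or '(applies to all code)'}")
```

Running it against the policy file before and after the change shows whether the new configuration only restores a grant that was already there or widens it to code that previously ran restricted.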