N.B. The Certs aren't encoded in the codebase annotation.
The jar file itself is signed.
DownloadPermission is actually misnamed; it really should be called
ClassDefiningPermission. The JarFile is actually downloaded.
On 14/02/2017 1:45 AM, Michał Kłeczek wrote:
Peter wrote:
The codebase is signed and download permission is granted only to the
signed codebase.
What is "signed codebase"? How do you encode the signature in the
codebase annotation?
Codebase of what service?
All of them?
Thanks,
Michal
---- Original message ----
From: Michał Kłeczek <mic...@kleczek.org>
Sent: 14/02/2017 01:27:09 am
To: dev@river.apache.org
Subject: Re: OSGi NP Complete Was: OSGi - deserialization remote
invocation strategy
See below.
Peter wrote:
Using one of the secure discovery providers with authentication
and input validation. Download and deserialization permissions are
granted dynamically just after authentication, but before download.
But now you just moved trust decisions to SafeServiceRegistrar
implementation.
It is even worse than with "CodeDownloadingSmartProxyWrapper" because
SafeServiceRegistrar implementation classes are dynamically downloaded
while the CodeDownloadingSmartProxyWrapper class is local.
Thanks,
Michal