Can u put more info on SignedObjects.
regards,
Udaya
> -----Original Message-----
> From: Mohan Radhakrishnan [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, February 15, 2001 1:52 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Bootstrapping stubs with EJBs?
>
> Hi,
> So RMI is scary too. I thought that the java security model has
> facilities for this. One such feature is SignedObject. We need
> certificates too.
> Doesn't the java security model deal with code outside the sandbox? A
> SignedObject is for the purpose of creating authentic run-time objects.
> Will
> there be a client container spec. addressing these?
> bye,
> Mohan
>
> Dave Wolf wrote:
>
> > Are you going to do SSL as well? Check all the certificates? Be sure
> no
> > one is spoofing the IP of your CODEBASE? DNS redirects? How good is
> the OS
> > security at your CORBASE? Could they be swapping classes and you not
> know?
> >
> > This is downloaded bytecode outside a sandbox. Scary stuff.....
> >
> > Dave Wolf
> > Internet Applications Division
> > Sybase
> >
> > ----- Original Message -----
> > From: "Robert Nicholson" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, February 15, 2001 2:29 PM
> > Subject: Re: Bootstrapping stubs with EJBs?
> >
> > > If you cna control the codebase of where it's coming from why should
> you
> > > care.
> > >
> > > > -----Original Message-----
> > > > From: A mailing list for Enterprise JavaBeans development
> > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Dave Wolf
> > > > Sent: Thursday, February 15, 2001 10:53 AM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: Bootstrapping stubs with EJBs?
> > > >
> > > >
> > > > It will be vendor by vendor. Do realize bootstrapped stubs
> represent a
> > > > pretty major security issue. How many client implementations will
> find
> > > > downloading unknown bytecode to their system acceptable. Even with
> java
> > > > security, you now have the overhead of signing every jar/class,
> > > > etc etc etc
> > > >
> > > > Im not sure I find bootstrapping the classes via http download
> really
> > > > acceptable or realistic.
> > > >
> > > > Dave Wolf
> > > > Internet Applications Division
> > > > Sybase
> > > >
> > > > ----- Original Message -----
> > > > From: "Robert Nicholson" <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>
> > > > Sent: Thursday, February 15, 2001 1:25 PM
> > > > Subject: Bootstrapping stubs with EJBs?
> > > >
> > > >
> > > > > Is this possible with most EJB implementations?
> > > > >
> > > > > I'm currently reading the RMI chapter in WROXs J2EE book and
> > > > they describe
> > > > > how the RMIClassLoader can download the stubs on the fly from
> > > > the server.
> > > > >
> > > > > Can this be done with EJB? If so how is it done?
> > > > >
> > > > >
> > > > ==================================================================
> > > > =========
> > > > > To unsubscribe, send email to [EMAIL PROTECTED] and include in
> the
> > > > body
> > > > > of the message "signoff EJB-INTEREST". For general help, send
> email
> > to
> > > > > [EMAIL PROTECTED] and include in the body of the message
> "help".
> > > > >
> > > > >
> > > >
> > > > ==================================================================
> > > > =========
> > > > To unsubscribe, send email to [EMAIL PROTECTED] and include
> > > > in the body
> > > > of the message "signoff EJB-INTEREST". For general help, send email
> to
> > > > [EMAIL PROTECTED] and include in the body of the message "help".
> > > >
> > >
> > >
> >
> ==========================================================================
> =
> > > To unsubscribe, send email to [EMAIL PROTECTED] and include in the
> > body
> > > of the message "signoff EJB-INTEREST". For general help, send email
> to
> > > [EMAIL PROTECTED] and include in the body of the message "help".
> > >
> > >
> >
> >
> ==========================================================================
> =
> > To unsubscribe, send email to [EMAIL PROTECTED] and include in the
> body
> > of the message "signoff EJB-INTEREST". For general help, send email to
> > [EMAIL PROTECTED] and include in the body of the message "help".
>
> ==========================================================================
> =
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the
> body
> of the message "signoff EJB-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
