> -----Original Message-----
> From: Max Kington [mailto:[EMAIL PROTECTED]
>
> -----Original Message-----
> From: David Blevins [mailto:[EMAIL PROTECTED]
>
> On Tue, May 11, 2004 at 01:21:16PM +0200, hbaxmann wrote:
> > > > 0. Take the security issue seriously with "class HelloWorld could not be
> > > > loaded because of security exception" kind of art using the already existing
> > > > java.security and java.policy thingy in conjunction with a signed
> > > > org.apache.geronimo.system.main.Daemon geronimo-system-*.jar.
> > > >
> > >
> > > We definitely have these thoughts on our radar and plan on being total
> > > security nuts. We'd even like to sign things like our own packaged
> > > components which contain all the classes and configs of something
> > > Geronimo loads into its container as an actual part of the system.
> > >
> >
> > Mhhhm, there are well known J2EE implementations which are able no more to
> > introduce an AOP-proved security because the whole thing has to be
> > "refactored": rewritten. Are there any standardization efforts in inventing
> > or using an already existent _identification_mechanism_ for class _instances_ ?
> >
> > Otherwise IMHO one will end up with a 'turn-one-key-open-all-doors' AOP
> > crap.
> >
> > >You misunderstood. The tidbit I just mentioned is an additional step
> > >for distribution security, like PGP signing of tar.gz and zip files on the Apache
> > >download sites, not a replacement for runtime security. I was
> > >just concurring and adding that we are not 'one-key-opens-all-doors' kind of
> > >thinkers.
> >
> > >Security should be a layered onion, not an Achilles heel.
> Yes, but at the same time it should be easy to use and configure, added
> complexity leads to mistakes
> when people have to configure around your protocols, the onion shouldn't
> make you cry :-)

Hee hee; note to self, use Russian doll analogy.

Yes Max, we hope that this is what we have. We will have pre-configured dolls for administrators to snap in.

Regards,
Alan
