Howdy, >Could you give an example of how a malicious code could affect the security >of the JVM ?
You mean in general? How about System.exit()? >Usually I have a codebase policy like this for each user: > >permission java.io.FilePermission "/home/client/public_html/-", >"read,write,delete"; > >I guess that if someone writes a piece of code that tries to acess private >functions, static variables, etc from other libraries in different >directories, this policy will intercept the request and the malicious code >will not work. Am I right ? Is there a way that somebody could write code >that uses the catalina classes in order to do something bad ? Your IO permissions are not related to the reflection private access permission. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]