On 26/04/2022 8:10 pm, Alan Bateman wrote:
On 26/04/2022 10:06, Peter Firmstone wrote:
:
What about ensuring that all network access occurs through a single
location that we can instrument?
Network, file, and process launch are potentially interesting but
instrumenting them to run arbitrary code may be problematic (for the
same reasons that custom security managers can be problematic).
-Alan
A service provider? Don't specify that's it's for security, just for
intercepting network, file and process launching.
"can" is the key word here. The problems are manageable when you know
about them. If a developer isn't aware, it could create nasty
surprises. So can't we document the gotchas?
Regards,
Peter.