Hi,

Torgeir Veimo wrote:
> The servlet container usually has default security policies defined, which
> can easily be changed. E.g. for Tomcat, look at conf/catalina.policy.
> Am not sure what facilities OSGi containers provide in this area though?

OSGi containers basically also depend on standard Java security, for
example many operations in the framework and compendium services are
defined to fail with a SecurityException if some Permission is not granted.

By default (in Sling), Java security is turned off.

Be warned, though, Java Security is a thorny road ;-)

Regards
Felix

> 
> 2009/4/22 Jukka Zitting <jukka.zitt...@gmail.com>
> 
>> Hi,
>>
>> I was thinking about the implications of giving a user write access to
>> a subtree of the repository. With that access the user could now
>> upload a new script and create a node that invokes that script when
>> rendered.
>>
>> What if the script contains something like System.exit(1)? Or
>> something even more malicious?
>>
>> Do we have mechanisms for preventing attack scenarios like that?
>>
>> BR,
>>
>> Jukka Zitting
>>
> 
> 
> 
