A good point Godwin! If an intruder get admin access to a host that runs a mission crtical server, he/she could anyway damage the system very badly.
However I think you have a point. We use secure wallet to encrypt all the system passwords to avoid even an admin user getting access to the server. But still seems like he/she can interact with the system by dropping a new bundle. On Fri, Feb 13, 2015 at 9:39 PM, Godwin Amila Shrimal <[email protected]> wrote: > Hi, > > Since most of the hacking/fraud happens from the internally this topic > just came to my mind, Our carbon products don't have OSGI level security, > As an example, If someone internally in the company knows OSGI then can > write an OSGI bundle which harm to the system and deploy simply. Shouldn't > we consider this ? (Apologize if I am asking a question which is not valid) > > > Thanks > Godwin > > -- > *Godwin Amila Shrimal* > Senior Software Engineer > WSO2 Inc.; http://wso2.com > lean.enterprise.middleware > > mobile: *+94772264165* > linkedin: *http://lnkd.in/KUum6D <http://lnkd.in/KUum6D>* > twitter: https://twitter.com/godwinamila > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- *Imesh Gunaratne* Technical Lead WSO2 Inc: http://wso2.com T: +94 11 214 5345 M: +94 77 374 2057 W: http://imesh.gunaratne.org Lean . Enterprise . Middleware
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
