Hi Imesh, Yes , as you said, it is no avoidable if it is going to the dropping. But my question is, do we need to address this, because it is like doing attack him self who has access to the system.
*Harsha Thirimanna* Senior Software Engineer; WSO2, Inc.; http://wso2.com * <http://www.apache.org/>* *email: **[email protected]* <[email protected]>* cell: +94 71 5186770 , +94 * *774617784twitter: **http://twitter.com/ <http://twitter.com/afkham_azeez>* *harshathirimannlinked-in: **http: <http://lk.linkedin.com/in/afkhamazeez>**//www.linkedin.com/pub/harsha-thirimanna/10/ab8/122 <http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122>* *Lean . Enterprise . Middleware* On Sat, Feb 14, 2015 at 8:57 PM, Imesh Gunaratne <[email protected]> wrote: > A good point Godwin! If an intruder get admin access to a host that runs a > mission crtical server, he/she could anyway damage the system very badly. > > However I think you have a point. We use secure wallet to encrypt all the > system passwords to avoid even an admin user getting access to the server. > But still seems like he/she can interact with the system by dropping a new > bundle. > > On Fri, Feb 13, 2015 at 9:39 PM, Godwin Amila Shrimal <[email protected]> > wrote: > >> Hi, >> >> Since most of the hacking/fraud happens from the internally this topic >> just came to my mind, Our carbon products don't have OSGI level security, >> As an example, If someone internally in the company knows OSGI then can >> write an OSGI bundle which harm to the system and deploy simply. Shouldn't >> we consider this ? (Apologize if I am asking a question which is not valid) >> >> >> Thanks >> Godwin >> >> -- >> *Godwin Amila Shrimal* >> Senior Software Engineer >> WSO2 Inc.; http://wso2.com >> lean.enterprise.middleware >> >> mobile: *+94772264165* >> linkedin: *http://lnkd.in/KUum6D <http://lnkd.in/KUum6D>* >> twitter: https://twitter.com/godwinamila >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > *Imesh Gunaratne* > Technical Lead > WSO2 Inc: http://wso2.com > T: +94 11 214 5345 M: +94 77 374 2057 > W: http://imesh.gunaratne.org > Lean . Enterprise . Middleware > > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > >
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
