On Fri, Feb 13, 2015 at 9:39 PM, Godwin Amila Shrimal <[email protected]> wrote:
> Hi,
>
> Since most of the hacking/fraud happens internally, this topic
> just came to my mind. Our Carbon products don't have OSGi-level security.
> As an example, if someone internally in the company knows OSGi, they can
> write an OSGi bundle which harms the system and simply deploy it. Shouldn't
> we consider this? (Apologies if I am asking a question which is not valid.)
>

AFAIK most important Carbon APIs are protected using Java Security, so the OSGi-level security can be achieved using the Java Security Manager. But for someone who has physical access to the system, we have to trust them. One thing we can do is implement a separate server auditing mechanism (which is outside the control of devops).

>
> Thanks
> Godwin
>
> --
> *Godwin Amila Shrimal*
> Senior Software Engineer
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *http://lnkd.in/KUum6D <http://lnkd.in/KUum6D>*
> twitter: https://twitter.com/godwinamila
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>

--
*Aruna Sujith Karunarathna* | Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 71 9040362 | Work: +94 112145345
Email: [email protected] | Web: www.wso2.com
