Hi,

I also agree with Aruna's point. We have to trust the admin users who have physical access to the system. If those users are malicious users, they can even bring the entire system down if they want. In such cases I believe that we don't have anything to do.

Thanks,

Lakshitha Harshan
Software Engineer
Mobile: +94724423048
Email: [email protected]
Blog: http://harshanliyanage.blogspot.com/
WSO2, Inc.: wso2.com <http://wso2.com/>
lean.enterprise.middleware.

On Sun, Feb 15, 2015 at 8:13 PM, Aruna Karunarathna <[email protected]> wrote:

> On Fri, Feb 13, 2015 at 9:39 PM, Godwin Amila Shrimal <[email protected]> wrote:
>
>> Hi,
>>
>> Since most of the hacking/fraud happens internally, this topic
>> just came to my mind. Our Carbon products don't have OSGi level security.
>> As an example, if someone internally in the company knows OSGi, then they can
>> write an OSGi bundle which harms the system and simply deploy it. Shouldn't
>> we consider this? (Apologies if I am asking a question which is not valid.)
>
> AFAIK most important Carbon APIs are protected using Java Security, so
> the OSGi level security can be achieved using Java Security Manager. But
> for someone who has physical access to the system, we have to trust them.
>
> One thing we can do is implement a separate server auditing mechanism
> (which is out of the control of devops).
>
>> Thanks
>> Godwin
>>
>> --
>> Godwin Amila Shrimal
>> Senior Software Engineer
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>> mobile: +94772264165
>> linkedin: http://lnkd.in/KUum6D
>> twitter: https://twitter.com/godwinamila
>>
>> _______________________________________________
>> Architecture mailing list
>> [email protected]
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
> --
>
> Aruna Sujith Karunarathna | Software Engineer
> WSO2, Inc | lean. enterprise. middleware.
> #20, Palm Grove, Colombo 03, Sri Lanka
> Mobile: +94 71 9040362 | Work: +94 112145345
> Email: [email protected] | Web: www.wso2.com
