Thanks all for the responses...! On Mon, Feb 16, 2015 at 9:54 AM, Harshan Liyanage <[email protected]> wrote:
> Hi, > > I also agree with Aruna's point. We have to trust the admin users who has > physical access to the system. If those users are malicious users, they can > even bring the entire system down if they want. In such cases I believe > that we don't have anything to do. > > Thanks, > > Lakshitha Harshan > Software Engineer > Mobile: *+94724423048* > Email: [email protected] > Blog : http://harshanliyanage.blogspot.com/ > *WSO2, Inc. :** wso2.com <http://wso2.com/>* > lean.enterprise.middleware. > > On Sun, Feb 15, 2015 at 8:13 PM, Aruna Karunarathna <[email protected]> > wrote: > >> >> >> On Fri, Feb 13, 2015 at 9:39 PM, Godwin Amila Shrimal <[email protected]> >> wrote: >> >>> Hi, >>> >>> Since most of the hacking/fraud happens from the internally this topic >>> just came to my mind, Our carbon products don't have OSGI level security, >>> As an example, If someone internally in the company knows OSGI then can >>> write an OSGI bundle which harm to the system and deploy simply. Shouldn't >>> we consider this ? (Apologize if I am asking a question which is not valid) >>> >> >> AFAIK Most Important Carbon API's are protected using Java Security, So >> the OSGi level security can be achieved using Java Security Manager. But >> from someone who has physical access to the system, we have to trust them. >> >> One thing we can do is, implement a separate server auditing mechanism >> (which is out of control from devops). >> >> >>> >>> >>> Thanks >>> Godwin >>> >>> -- >>> *Godwin Amila Shrimal* >>> Senior Software Engineer >>> WSO2 Inc.; http://wso2.com >>> lean.enterprise.middleware >>> >>> mobile: *+94772264165* >>> linkedin: *http://lnkd.in/KUum6D <http://lnkd.in/KUum6D>* >>> twitter: https://twitter.com/godwinamila >>> >>> _______________________________________________ >>> Architecture mailing list >>> [email protected] >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> >> *Aruna Sujith Karunarathna* | Software Engineer >> WSO2, Inc | lean. enterprise. middleware. >> #20, Palm Grove, Colombo 03, Sri Lanka >> Mobile: +94 71 9040362 | Work: +94 112145345 >> Email: [email protected] | Web: www.wso2.com >> >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > -- *Godwin Amila Shrimal* Senior Software Engineer WSO2 Inc.; http://wso2.com lean.enterprise.middleware mobile: *+94772264165* linkedin: *http://lnkd.in/KUum6D <http://lnkd.in/KUum6D>* twitter: https://twitter.com/godwinamila
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
