On Fri, 22 Jun 2001 01:19, Berin Loritsch wrote:
> Peter Donald wrote:
> > On Thu, 21 Jun 2001 23:22, Berin Loritsch wrote:
> > > I believe we need to go through our Coding Standards document,
> > > purge some items (since they do not apply to modern JVMs) and
> > > incorporate ideas from this list of documents:
> > >
> > > Twelve rules for developing more secure Java code
> > > -------------------------------------------------
> > > http://www.javaworld.com/javaworld/jw-12-1998/jw-12-securityrules_p.html
> >
> > Ouch I never knew about Rule 5 - Inner classes are evil. Rule 4 no longer
> > applies because we could choose to seal packages if we wanted to.
>
> Actually rule 4 still applies. Manifest sealing of a jar ONLY works when a
> SecureClassLoader is used. Package sealing is too easily disabled to
> trust. The point is important: don't trust package access (no modifiers).
But if you are not running in SecureClassLoader and under a SecurityManager,
your code can do all sorts of nasty things by careful manipulation of
bytecodes. So if you do choose to run without Secur* then the code is
insecure anyways.
> Other than that--how should we modify our code standards doc?
I am not sure we should modify it directly. Maybe create new document to
describe secure practices as these really don't have a lot to do with
presentation of code but more to do with structure? Not sure.
--
Cheers,
Pete
*-----------------------------------------------------*
| "Faced with the choice between changing one's mind, |
| and proving that there is no need to do so - almost |
| everyone gets busy on the proof." |
| - John Kenneth Galbraith |
*-----------------------------------------------------*
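The two rules argued over above (Rule 5: inner classes get at private members through compiler-generated package-private accessors; Rule 4: package access is only as trustworthy as the loader and sealing that back it) can be checked at runtime. The Java program below is an added example, not code from this thread or from the Avalon project; the class names SecretHolder, Reader and Probe are made up for illustration. What it observes depends on the JDK: javac before 11 emits package-private synthetic access$NNN methods for the inner class, JDK 11 and later use nest-based access control (JEP 181) and emit none, and System.getSecurityManager() is deprecated since 17 and always returns null from JDK 24 on.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;

/*
 * Added example (not from the original thread): inspect what javac leaves
 * package-accessible when an inner class reads a private field, and report
 * the two runtime conditions the thread ties package access to: whether the
 * class's package is sealed and whether a SecurityManager is installed.
 * SecretHolder, Reader and Probe are hypothetical names.
 */
public class Probe {

    /** Outer class holding a private value that an inner class reads. */
    static class SecretHolder {
        private final String secret;

        SecretHolder(String secret) {
            this.secret = secret;
        }

        /** Inner class: legal source-level access to the enclosing private field. */
        class Reader {
            String read() {
                // On javac < 11 this compiles to a call of a synthetic,
                // package-private static accessor (access$000) on SecretHolder.
                return secret;
            }
        }
    }

    /** Count synthetic access$ accessors and print their access level. */
    static int countSyntheticAccessors(Class<?> c) {
        int n = 0;
        for (Method m : c.getDeclaredMethods()) {
            if (m.isSynthetic() && m.getName().startsWith("access$")) {
                int mods = m.getModifiers();
                boolean packagePrivate = !Modifier.isPublic(mods)
                        && !Modifier.isProtected(mods)
                        && !Modifier.isPrivate(mods);
                // A package-private accessor is callable by any class that ends
                // up in the same package, e.g. from a second, unsealed jar.
                System.out.println("  " + m.getName() + " -> "
                        + (packagePrivate ? "package-private" : Modifier.toString(mods)));
                n++;
            }
        }
        return n;
    }

    /** True only if the defining loader recorded the package as sealed. */
    static boolean isPackageSealed(Class<?> c) {
        Package p = c.getPackage();
        // The unnamed package reports null on older JDKs and is never sealed.
        return p != null && p.isSealed();
    }

    public static void main(String[] args) {
        SecretHolder holder = new SecretHolder("s3cr3t");
        SecretHolder.Reader reader = holder.new Reader();
        System.out.println("Inner class reads private field: " + reader.read());

        System.out.println("Synthetic accessors on SecretHolder:");
        int accessors = countSyntheticAccessors(SecretHolder.class);
        if (accessors == 0) {
            System.out.println("  none (JDK 11+ nest-based access control, or no accessor needed)");
        }

        System.out.println("Package of SecretHolder sealed: "
                + isPackageSealed(SecretHolder.class));
        // Deprecated since JDK 17; always null from JDK 24 onward.
        System.out.println("SecurityManager installed: "
                + (System.getSecurityManager() != null));
    }
}
```

Compile and run with `javac Probe.java && java Probe`, then repeat with `javap -p 'Probe$SecretHolder'` to see the accessor methods directly. Moving SecretHolder into a named package, packaging it in a jar whose manifest carries `Sealed: true`, and running from that jar is the way to see `isPackageSealed` flip to true; a class with the same package name loaded from a second, unsealed jar is what the sealing is meant to keep out.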