On Fri, 22 Jun 2001 01:19, Berin Loritsch wrote:
> Peter Donald wrote:
> > On Thu, 21 Jun 2001 23:22, Berin Loritsch wrote:
> > > I believe we need to go through our Coding Standards document,
> > > purge some items (since they do not apply to modern JVMs) and
> > > incorporate ideas from this list of documents:
> > >
> > > Twelve rules for developing more secure Java code
> > > -------------------------------------------------
> > > http://www.javaworld.com/javaworld/jw-12-1998/jw-12-securityrules_p.html
> >
> > Ouch, I never knew about Rule 5 - Inner classes are evil. Rule 4 no longer
> > applies because we could choose to seal packages if we wanted to.
>
> Actually rule 4 still applies. Manifest sealing of a jar ONLY works when a
> SecureClassLoader is used. Package sealing is too easily disabled to
> trust. The point is important: don't trust package access (no modifiers).
But if you are not running in a SecureClassLoader and under a SecurityManager,
your code can do all sorts of nasty things by careful manipulation of
bytecodes. So if you do choose to run without Secur* then the code is
insecure anyways.

> Other than that--how should we modify our code standards doc?

I am not sure we should modify it directly. Maybe create a new document to
describe secure practices, as these really don't have a lot to do with
presentation of code but more to do with structure? Not sure.

-- 
Cheers,

Pete

*-----------------------------------------------------*
| "Faced with the choice between changing one's mind, |
| and proving that there is no need to do so - almost |
| everyone gets busy on the proof."                   |
|                 - John Kenneth Galbraith            |
*-----------------------------------------------------*
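The "don't trust package access" point from the thread, shown as an added example (this is not code from the thread or from the Avalon project). A class compiled into the same package *name* from a different code source gets package-private access to a hypothetical `Vault.secret()`, because the JVM's runtime package is (class loader, package name), not (jar, package name). The second run seals the package in a jar manifest and shows `URLClassLoader` (a `SecureClassLoader`) refusing to define the intruder; a loader that ignores manifests would behave like the first run. The program compiles its two throwaway classes itself, so it assumes a JDK (it uses `javax.tools.ToolProvider`); the names `Vault`, `Intruder` and `com.example.internal` are made up for the demo.

```java
import java.io.IOException;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
import java.util.jar.JarOutputStream;
import java.util.jar.Manifest;
import javax.tools.JavaCompiler;
import javax.tools.ToolProvider;

/** Demo for Rule 4: package-private is not a trust boundary. Names are hypothetical. */
public class PackageAccessDemo {

    // "Trusted" code that relies on package-private visibility to hide a value.
    static final String VAULT_SRC =
        "package com.example.internal;\n"
      + "public class Vault {\n"
      + "    static String secret() { return \"package-private secret\"; }\n"
      + "}\n";

    // "Hostile" code: same package name, compiled separately, calls the method directly.
    static final String INTRUDER_SRC =
        "package com.example.internal;\n"
      + "public class Intruder {\n"
      + "    public static String steal() { return Vault.secret(); }\n"
      + "}\n";

    public static void main(String[] args) throws Exception {
        Path work = Files.createTempDirectory("pkgdemo");
        Path trusted = compile(work.resolve("trusted"), "Vault", VAULT_SRC, null);
        Path hostile = compile(work.resolve("hostile"), "Intruder", INTRUDER_SRC, trusted);
        URL hostileDir = hostile.toUri().toURL();

        // 1. Plain class directories, no manifest: the intruder shares the runtime
        //    package with Vault and reads the secret.
        System.out.println("unsealed: " + attack(new URL[] {trusted.toUri().toURL(), hostileDir}));

        // 2. Vault packaged in a jar whose manifest seals the package: the same
        //    loader refuses to define Intruder from a different code source.
        URL sealedJar = sealedJar(work.resolve("trusted.jar"), trusted).toUri().toURL();
        System.out.println("sealed:   " + attack(new URL[] {sealedJar, hostileDir}));
    }

    /** Loads Vault first (which defines the package), then tries the intruder. */
    static String attack(URL[] classpath) throws Exception {
        // Parent null: delegate only to bootstrap, so both classes are defined by
        // this one loader and therefore land in the same runtime package.
        try (URLClassLoader loader = new URLClassLoader(classpath, null)) {
            loader.loadClass("com.example.internal.Vault");
            Class<?> intruder = loader.loadClass("com.example.internal.Intruder");
            return "secret leaked: " + intruder.getMethod("steal").invoke(null);
        } catch (SecurityException e) {
            return "blocked: " + e.getMessage();   // "sealing violation: ..."
        }
    }

    /** Compiles one source file into out/classes, optionally against cp. */
    static Path compile(Path out, String cls, String src, Path cp) throws IOException {
        Path srcFile = out.resolve("src/com/example/internal/" + cls + ".java");
        Path classes = out.resolve("classes");
        Files.createDirectories(srcFile.getParent());
        Files.createDirectories(classes);
        Files.write(srcFile, src.getBytes(StandardCharsets.UTF_8));
        List<String> opts = new ArrayList<>(Arrays.asList("-d", classes.toString()));
        if (cp != null) {
            opts.addAll(Arrays.asList("-cp", cp.toString()));
        }
        opts.add(srcFile.toString());
        JavaCompiler javac = ToolProvider.getSystemJavaCompiler();   // requires a JDK
        if (javac.run(null, null, null, opts.toArray(new String[0])) != 0) {
            throw new IllegalStateException("compilation failed for " + cls);
        }
        return classes;
    }

    /** Writes Vault.class into a jar whose manifest marks com/example/internal/ sealed. */
    static Path sealedJar(Path jarPath, Path classes) throws IOException {
        Manifest manifest = new Manifest();
        manifest.getMainAttributes().put(Attributes.Name.MANIFEST_VERSION, "1.0");
        Attributes pkg = new Attributes();
        pkg.put(Attributes.Name.SEALED, "true");
        manifest.getEntries().put("com/example/internal/", pkg);
        String entry = "com/example/internal/Vault.class";
        try (JarOutputStream jar = new JarOutputStream(Files.newOutputStream(jarPath), manifest)) {
            jar.putNextEntry(new JarEntry(entry));
            jar.write(Files.readAllBytes(classes.resolve(entry)));
            jar.closeEntry();
        }
        return jarPath;
    }
}
```

Run with `javac PackageAccessDemo.java && java PackageAccessDemo`. The first line reports the leaked secret; the second reports a `SecurityException` with a "sealing violation" message, thrown when the loader is asked to define `Intruder` into a package it already defined as sealed from the jar. The practical lesson matches the thread: code that must stay private should be `private` (or guarded by an explicit check), not merely package-private, because the package boundary holds only when every loader in the process enforces the manifest.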
