On Wednesday 25 September 2002 16:37, Peter Donald wrote: > Hiya, > > On Thu, 26 Sep 2002 08:23, Mauro Talevi wrote: > > 1. security policy is set in <policy> element in environment.xml, > > and - as stated in docs - if not set then it is equivalent to > > AllPermissions. > > yep. > > > Is that regardless of the $JAVA_HOME/jre/lib/security and > > ~/.java.policy? > > The security permissions for the JVM are only used for the common classes > (ie $PHOENIX_HOME/lib/*.jar) and the container classes > ($PHOENIX_HOME/bin/lib) > > However we actually specify the security policy as the one stored in the > phoenix-launcher.jar. Have a look in that for the Kernel/common classes > policy file.
Hi, I'm picking up on this discussion to find answer to a question that has buged me lately. A while ago we had a discussion about making available kernel services to blocks. We all know the benefits of that. The problem is how to protect the kernel from malicious/unknown code. The solution would be to create a few Phoenix specific Permission classes (such as DeployPermission, ApplicationPermission) and use the AccessController to check if the calling code has been granted access (configured in the general policy file). So my question is why this solution was not chosen? Because right now Phoenix is moving away from its original definition of "micro-kernel" by integrating more and more functionality into the kernel space (aka SystemManager, DeploymentMonitor ..). Mircea -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
