Am Freitag, 26. November 2004 11:45 schrieb Jeroen Frijters: > Michael Koch wrote: > > What do you do if someone writes a package gnu.foobar and wants > > to access it ? There are some gnu.* packages out there. > > Hmm. Typically these won't be loaded by the bootstrap class loader, > so it shouldn't be a problem, but if you want to avoid any possible > problems we can also introduce a gnu.classpath.private.* package > for all the classes that are privileged. > > > Do you want to > > maintain the list of packages to allow ? The list of packages we > > need to limit access too is much leaner and well known to us as > > the packages are maintained under our control. > > Black listing isn't as secure as white listing. It's easy to forget > to add a package and not having access to a package is better than > having a security hole.
Thats true. We could automate it. E.g. we could write a script which generates the list automatically during build time. Perhaps too much overhead. The bootstrap class loader should to the trick. Hopefully. Michael -- Homepage: http://www.worldforge.org/ _______________________________________________ Classpath mailing list [EMAIL PROTECTED] http://lists.gnu.org/mailman/listinfo/classpath
