I have always felt that Geronimo won't be suitable for a hosting kind of environment where applications owned by unrelated parties may be hosted on the same server (does such a thing happen in reality?). Irrespective of this, GBeans permissions appear to be something we can consider having. The following is an excerpt from a private conversation I had with David Jencks on IRC. Read on...

*vamsic007:* The usability of Geronimo in a hosting kind of environment has always bothered me.
*djencks:* how?
*vamsic007:* Any application running in G can get hold of any other application related GBeans and do whatever
*vamsic007:* Any app can stop any configuration it wishes to
*djencks:* realistically does anyone run apps from unrelated people on the same server?
*vamsic007:* won't that be the situation in a hosting environment?
*djencks:* I don't know
*djencks:* I would expect if I rent server space I'd probably get my own vm
*djencks:* but I'm not a hosting company
*vamsic007:* hmm...
*vamsic007:* will have to find out if my concern is genuine or I am worried unnecessarily.
*vamsic007:* I always thought that we should have a mechanism to enforce GBean permissions.
*djencks:* I can see several places gbean permissions could work
*djencks:* 1. getting gbean from kernel. This is pretty non-intrusive
*djencks:* 2. actually calling operations/accessing attributes on a gbean. I think this would require putting proxies back in
*djencks:* there's also a bootstrap question of what enforces the permissions until the jacc system is operational
*djencks:* since e.g. datasources bound in jndi end up calling a gbean operation to get the datasource, this would have a lot of intersection with the normal server operations
*vamsic007:* Maybe I will initiate a discussion on this on [EMAIL PROTECTED] get others' inputs too. I do not want to go on dev-list coz it is related to security and do not want to make the users feel insecure unnecessarily.
*djencks:* I'd prefer to talk about it on dev, I think we could use all the input we can get.
*vamsic007:* thanks David.

Comments? Suggestions? Am I worried unnecessarily? Are GBean permissions something that we should consider?

Thank you.
++Vamsi
