Folks,

We added a bunch of tests in the last few days but we still need some help identifying and reviewing the components. Please see the wiki page (http://cwiki.apache.org/confluence/display/GMOxDEV/Security+Review) for latest updates.

Thanks,
Jarek

On 10/29/07, Jarek Gawor <[EMAIL PROTECTED]> wrote:
> A few security problems were discovered in Geronimo in the last few
> months and weeks. Most of them were Geronimo-specific except one.
> Therefore, I think we should spend a little bit of our time to review
> our code and check for potential security problems.
> As the first step, I think we should identify components that make
> security decisions (e.g. LoginModules) or enable access to server
> management and control (e.g. MEJB) or any other components that might
> be important for server security.
> Once we have a few components identified we can start the review.
> Besides finding and fixing the potential security problems during the
> review we must also ensure that we have decent tests for these
> components that cover a range of inputs. For each problem that we do
> discover, we must write a test case to make sure it never happens
> again. Basically, a problem is not fully addressed until we have a
> test for it.
>
> For now, I created the following page where we can keep track of the
> components and the review:
> http://cwiki.apache.org/confluence/display/GMOxDEV/Security+Review
> Feel free to update it in any way.
>
> Opinions? Ideas? Thoughts?
>
> Jarek
