Looks like there is also a JIRA https://issues.apache.org/jira/browse/GERONIMO-1487 created long time ago!!
On Feb 8, 2008 3:13 PM, Vamsavardhana Reddy <[EMAIL PROTECTED]> wrote: > I have always felt that Geronimo won't be suitable for a hosting kind of > environment where applications owned by unrelated parties may be hosted on > the same server (does such a thing happen in reality?). Irrespective of > this, GBeans permissions appears to be something we can consider to have. > The following is an excerpt from a private conversation I had with David > Jencks on IRC. Read on... > > *vamsic007:* The usability of Geronimo in a hosting kind of environment > has always bothered me. > *djencks :* how? > *vamsic007:* Any application running in G can get hold of any other > application related GBeans and do what ever > *vamsic007:* Any app can stop any configuration it wishes to > *djencks :* realistically does anyone run apps from unrelated people on > the same server? > *vamsic007:* won't that be the situation in a hosting environment? > *djencks :* I don't know > *djencks :* I would expect if I rent server space I'd probably get my own > vm > *djencks :* but I'm not a hosting company > *vamsic007:* hmm... > *vamsic007:* will have to find out if my concern is genuine or I am > worried unnecessarily. > *vamsic007:* I always thought that we should have a mechanism to enforce > GBean permissions. > *djencks :* I can see several places gbean permissions could work > *djencks :* 1. getting gbean from kernel. This is pretty non-intrusive > *djencks :* 2. actually calling operations/accessing attributes on a > gbean. I think this would require putting proxies back in > *djencks :* there's also a bootstrap question of what enforces the > permissions until the jacc system is operational > *djencks :* since e.g datasources bound in jndi end up calling a gbean > operation to get the datasource, this would have a lot of intersection with > the normal server operations > *vamsic007:* May be I will initiate a discussion on this on > [EMAIL PROTECTED] to get others inputs too. I do not want to go on dev-list > coz it is related to security and do not want to make the users feel > insecure unnecessarily. > *djencks :* I'd prefer to talk about it on dev, I think we could use all > the input we can get. > *vamsic007:* thanks David. > > Comments? Suggestions? Am I worried unnecessarily? Are GBean > permissions something that we should consider? > > Thank you. > > ++Vamsi > >
