On 6/28/07, dertown <[EMAIL PROTECTED]> wrote:
Thomas E Enebo wrote:
>
> I say chuck it out since we are not even close to being correct in
> this area. It gives a false sense of security. In fact, I wonder
> what sort of audit MRI goes through to demonstrate that safe/taint is
> working. As far as I can tell tainting is really tough to get right
> and keep right.
>
> The DRb mention below makes me think we need to come up with a
> creative solution to replace it (using Java's security mechanism in
> some way). I am hoping some enterprising community member who cares
> about this will help find the true path...

I don't know too much about Java security, so to make sure it is secure we
would have to wrap the Java security in a Ruby class? That would be a very
quick way of doing it.
Or would it be better to create a brand new JRuby Security library that is
built from the ground up?

One reasonable requirement would be to make sure what API we come up
with can be implemented in C Ruby (MRI). This then could be portable
across implementations.
So however we implement it we should make sure it can be expressed in
pure-Ruby and not too Java-specific in appearance.
I think someone more versed in Java security may be able to better
answer which is a better way.
-Tom
--
Blog: http://www.bloglines.com/blog/ThomasEEnebo
Email: [EMAIL PROTECTED] , [EMAIL PROTECTED]