Thomas E Enebo wrote:
>
> On 6/28/07, dertown <[EMAIL PROTECTED]> wrote:
>> Thomas E Enebo wrote:
>> >
>> > I say chuck it out since we are not even close to being correct in
>> > this area. It gives a false sense of security. In fact, I wonder
>> > what sort of audit MRI goes through to demonstrate that safe/taint is
>> > working. As far as I can tell tainting is really tough to get right
>> > and keep right.
>> >
>> > The Drb mention below makes me think we need to come up with a
>> > creative solution to replace it (using Java's security mechanism in
>> > some way). I am hoping some enterprising community member who cares
>> > about this will help find the true path...
>>
>> I don't know too much about Java security, so to make sure it is secure we
>> would have to wrap the Java security in a Ruby class? That would be a very
>> quick way of doing it.
>>
>> Or would it be better to create a brand new JRuby Security library that is
>> built from the ground up?
>
> One reasonable requirement would be to make sure what API we come up
> with can be implemented in C Ruby (MRI). This then could be portable
> across implementations.
>
> So however we implement it we should make sure it can be expressed in
> pure-Ruby and not too Java-specific in appearance.
>
> I think someone more versed in Java security may be able to better
> answer which is a better way.
>
> -Tom
>
Hi Tom
Is there a place where we can start getting some requirements together for a
new Ruby Security implementation? Then it would be possible to completely
replace SAFE and Taint.
Would people want to use the same API if possible?
Derek
--
View this message in context:
http://www.nabble.com/Ditching-SAFE-and-tainting-tf3989911.html#a11360117
Sent from the JRuby - Dev mailing list archive at Nabble.com.