>From: Rickard �berg <[EMAIL PROTECTED]>
>Reply-To: A mailing list for Enterprise JavaBeans development
><[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: Obscure EJB programming restriction
>Date: Sun, 29 Oct 2000 17:39:33 +0100
>
> > I noticed a fairly obscure EJB programming restriction today that I
> > didn't know existed since the appserver I use doesn't enforce it:
> >
> > "An Enterprise bean must not define a class in a package, as this
======================================================================
is a function reserved for the container for security reasons."
===============================================================
> >
> > This exists both in EJB1.1 and EJB2.0 spec. I'm not sure about EJB 1.0.
> >
> > 1) Why is this a security risk?
>
>First of all, just what the heck does it mean?? Does it mean that a bean
>may not be put in a package(??), or does it mean (literally) that it may
>not *define* a class in a package through a ClassLoader.. or what does
>it really mean? What action, precisely, is not allowed?
>
> > 2) Does any appserver out there actually enforce it?
>
>Well, in jBoss we only allow beans to do what the EJB spec says, so I
>guess we enforce it (whatever it is).
>
>(And yes, of course it is possible to turn off security checking if you
>want to).
================================================================
Can somebody explain the meaning of the underlined statement above.
Does it mean that you cant use a class in a package?
TIA
sam
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at
http://profiles.msn.com.
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
