Hi,
So RMI is scary too. I thought that the java security model has
facilities for this. One such feature is SignedObject. We need certificates too.
Doesn't the java security model deal with code outside the sandbox? A
SignedObject is for the purpose of creating authentic run-time objects. Will
there be a client container spec. addressing these?
bye,
Mohan
Dave Wolf wrote:
> Are you going to do SSL as well? Check all the certificates? Be sure no
> one is spoofing the IP of your CODEBASE? DNS redirects? How good is the OS
> security at your CORBASE? Could they be swapping classes and you not know?
>
> This is downloaded bytecode outside a sandbox. Scary stuff.....
>
> Dave Wolf
> Internet Applications Division
> Sybase
>
> ----- Original Message -----
> From: "Robert Nicholson" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, February 15, 2001 2:29 PM
> Subject: Re: Bootstrapping stubs with EJBs?
>
> > If you cna control the codebase of where it's coming from why should you
> > care.
> >
> > > -----Original Message-----
> > > From: A mailing list for Enterprise JavaBeans development
> > > [mailto:[EMAIL PROTECTED]]On Behalf Of Dave Wolf
> > > Sent: Thursday, February 15, 2001 10:53 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: Bootstrapping stubs with EJBs?
> > >
> > >
> > > It will be vendor by vendor. Do realize bootstrapped stubs represent a
> > > pretty major security issue. How many client implementations will find
> > > downloading unknown bytecode to their system acceptable. Even with java
> > > security, you now have the overhead of signing every jar/class,
> > > etc etc etc
> > >
> > > Im not sure I find bootstrapping the classes via http download really
> > > acceptable or realistic.
> > >
> > > Dave Wolf
> > > Internet Applications Division
> > > Sybase
> > >
> > > ----- Original Message -----
> > > From: "Robert Nicholson" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Thursday, February 15, 2001 1:25 PM
> > > Subject: Bootstrapping stubs with EJBs?
> > >
> > >
> > > > Is this possible with most EJB implementations?
> > > >
> > > > I'm currently reading the RMI chapter in WROXs J2EE book and
> > > they describe
> > > > how the RMIClassLoader can download the stubs on the fly from
> > > the server.
> > > >
> > > > Can this be done with EJB? If so how is it done?
> > > >
> > > >
> > > ==================================================================
> > > =========
> > > > To unsubscribe, send email to [EMAIL PROTECTED] and include in the
> > > body
> > > > of the message "signoff EJB-INTEREST". For general help, send email
> to
> > > > [EMAIL PROTECTED] and include in the body of the message "help".
> > > >
> > > >
> > >
> > > ==================================================================
> > > =========
> > > To unsubscribe, send email to [EMAIL PROTECTED] and include
> > > in the body
> > > of the message "signoff EJB-INTEREST". For general help, send email to
> > > [EMAIL PROTECTED] and include in the body of the message "help".
> > >
> >
> >
> ===========================================================================
> > To unsubscribe, send email to [EMAIL PROTECTED] and include in the
> body
> > of the message "signoff EJB-INTEREST". For general help, send email to
> > [EMAIL PROTECTED] and include in the body of the message "help".
> >
> >
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff EJB-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
