On Tue, May 11, 2004 at 01:21:16PM +0200, hbaxmann wrote:
> > > 0. Take the security issue seriously with "class HelloWorld
> > > could not be loaded because of security exception" kind of art using the
> > > already existing java.security and java.policy thingy in conjunction with a signed
> > > org.apache.geronimo.system.main.Daemon geronimo-system-*.jar.
> > >
> >
> > We definitely have these thoughts on our radar and plan on being total
> > security nuts. We'd even like to sign things like our own packaged
> > components which contain all the classes and configs of something
> > Geronimo loads into its container as an actual part of the system.
> >
>
> Mhhhm, there are well known J2EE implementations which are no longer able to
> introduce an AOP-proved security because the whole thing has to be
> "refactored": rewritten. Are there any standardization efforts in inventing
> or using an already existent _identification_mechanism_ for class _instances_?
>
> Otherwise IMHO one will end up with a 'turn-one-key-open-all-doors' AOP
> crap.
You misunderstood. The tidbit I just mentioned is an additional step for distribution security, like PGP signing of tar.gz and zip files on the Apache download sites, not a replacement for runtime security. I was just concurring and adding that we are not 'one-key-opens-all-doors' kind of thinkers. Security should be a layered onion, not an Achilles heel.

-David