> Pierpaolo Fumagalli <[EMAIL PROTECTED]> wrote:
>Webmaster wrote:
>>
>> The present system required two trivial modifications of JServ.java, and
>> adding two classes (JailSecurityManager and Configurable). To have a more
>> flexible security system would require more modifications to JServ, which
>> I'll try to do if have time :-\
>>
>> What about integrating this simple SecurityManager infrastructure into
>> JServ?
>
>Seems to be pretty nice.... Does it require JDK1.2 or 1.1? The security
>model is pretty different down there...
It works under 1.1, and should work for 1.2, though I haven't tested it.
>For the integration in the main JServ distribution, I think that I would
>prefer to see such an addtion to the Tomcat codebase, rather than JServ,
Why not both? It is a benign addition (in the sense of no side-effects), and
I already have JServ running with this (I presently do not have tomcat
running, but I'll have it soon).
>also because, when dealing with the S.M. you don't require any
>particular architecture change... All you need is access to a bunch of
>configurations...
This depends on what you want to do. I was thinking of some (non-essential)
changes to let the security manager know more about JServ and its zones
(allowing both per-JVM and per-zone configurations), but I don't know if: a)
do we really need this; b) do I have short-term availability to do it
(unlikely...); c) overhead would be acceptable.
Carlos
--
----------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html>
Problems?: [EMAIL PROTECTED]