Rickard �berg wrote:
>
> Hey
>
> Xiaopong Tran wrote:
> > The EJB specs said that EJBs are not allowed
> > to access the file system for security issues.
>
> Correct. This is an optional feature in jBoss though.
>
I did not know it was already optional (did see the code yesterday
though ;-)
disregard my last message...
<revving-up/>
marc
> (Note: and it is actually spec compliant to not enforce this at all..)
>
> > Can someone clarify what security issues are
> > involved here? It sounds strange to me here
> > that accessing the file system from an EJB
> > would cause any security problem, as EJBs
> > are designed to be run on a the server in
> > the back end, in a "well-controlled" environment.
> > It's not like the applet situation where you
> > don't know what you get.
>
> It has less to do with security than portability. If you do file access
> you are potentially making your beans less portable. If you have to
> access files through some resource manager, this ensures that your beans
> are always portable to another server.
>
> See, the spec has as its primary goal "If it's an EJB, it IS portable",
> and these restrictions are a way of enforcing this. No "well, maybe,
> unless you've done this or that, ..or..". None of that. With EJB, they
> *ARE* portable, period.
>
> Does this answer your query?
>
> /Rickard
>
> --
> Rickard �berg
>
> @home: +46 13 177937
> Email: [EMAIL PROTECTED]
> http://www.telkel.com
> http://www.jboss.org
> http://www.dreambean.com
>
> --
> --------------------------------------------------------------
> To subscribe: [EMAIL PROTECTED]
> To unsubscribe: [EMAIL PROTECTED]
> Problems?: [EMAIL PROTECTED]
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Problems?: [EMAIL PROTECTED]
