Thanks for the reply.
> Xiaopong Tran wrote:
> > The EJB specs said that EJBs are not allowed
> > to access the file system for security issues.
>
> Correct. This is an optional feature in jBoss though.
>
> (Note: and it is actually spec compliant to not enforce this at all..)
>
So, whether a container enforces this or not, it's still
spec compliant?
> > Can someone clarify what security issues are
> > involved here? It sounds strange to me here
> > that accessing the file system from an EJB
> > would cause any security problem, as EJBs
> > are designed to be run on the server in
> > the back end, in a "well-controlled" environment.
> > It's not like the applet situation where you
> > don't know what you get.
>
> It has less to do with security than portability. If you do file access
> you are potentially making your beans less portable. If you have to
> access files through some resource manager, this ensures that your beans
> are always portable to another server.
>
> See, the spec has as its primary goal "If it's an EJB, it IS portable",
> and these restrictions are a way of enforcing this. No "well, maybe,
> unless you've done this or that, ..or..". None of that. With EJB, they
> *ARE* portable, period.
>
> Does this answer your query?
>
Well, portability is a design issue, more or less related
to the programmer's skill. But security is something else.
If I don't hard-code my system-dependent stuff (e.g. directory),
and put it as a variable during the deployment, that's my
problem and I should not be forbidden from accessing
that directory. The container should not throw an exception
on me, right?
Besides, if I develop the beans for my own company's usage
only, and I know perfectly that they will only be deployed
on a specific platform only (e.g. Unix, no NT in my server room!),
I can hardcode whatever I want (not to mean this is desirable),
that is my decision made consciously.
Anyways, that looks more like a burden than anything
else.
Thanks for the quick reply.
Xiaopong