Hey
Xiaopong Tran wrote:
> The EJB specs said that EJBs are not allowed
> to access the file system for security issues.
Correct. This is an optional feature in jBoss though.
(Note: and it is actually spec compliant to not enforce this at all..)
> Can someone clarify what security issues are
> involved here? It sounds strange to me here
> that accessing the file system from an EJB
> would cause any security problem, as EJBs
> are designed to be run on a the server in
> the back end, in a "well-controlled" environment.
> It's not like the applet situation where you
> don't know what you get.
It has less to do with security than portability. If you do file access
you are potentially making your beans less portable. If you have to
access files through some resource manager, this ensures that your beans
are always portable to another server.
See, the spec has as its primary goal "If it's an EJB, it IS portable",
and these restrictions are a way of enforcing this. No "well, maybe,
unless you've done this or that, ..or..". None of that. With EJB, they
*ARE* portable, period.
Does this answer your query?
/Rickard
--
Rickard �berg
@home: +46 13 177937
Email: [EMAIL PROTECTED]
http://www.telkel.com
http://www.jboss.org
http://www.dreambean.com
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Problems?: [EMAIL PROTECTED]
