Hey

Xiaopong Tran wrote:
> 
> Thanks for the reply.
> 
> > Xiaopong Tran wrote:
> > > The EJB specs said that EJBs are not allowed
> > > to access the file system for security issues.
> >
> > Correct. This is an optional feature in jBoss though.
> >
> > (Note: and it is actually spec compliant to not enforce this at all..)
> >
> 
> So, whether a container enforces this or not, it's still
> spec compliant?

A bit bizarre, but yes.

> Well, portability is a design issue, more or less related
> to the programmer's skill. But security is something else.
> 
> If I don't hard-code my system-dependent stuff (e.g. directory),
> and put it as a variable during the deployment, that's my
> problem and I should not be forbidden from accessing
> that directory. The container should not throw an exception
> on me, right?

Almost. The spec writers wanted to make sure that it was impossible to
mess things up. EJB has been defined for Joe Programmer. IMHO that was a
good decision. Also, from an ASP point of view I wouldn't want a bean to
read any file on the HD, which would be a security risk from the server's
point of view.

> Besides, if I develop the beans for my own company's usage
> only, and I know perfectly that they will only be deployed
> on a specific platform only (e.g. Unix, no NT in my server room!),
> I can hardcode whatever I want (not to mean this is desirable),
> that is my decision made consciously.

Exactly, so you would want to run your beans in "no security" mode.
Which you may.

> Anyways, that looks more like a burden than anything
> else.

It enforces you to do reusable beans. IMHO that's a good thing.

/Rickard

-- 
Rickard Öberg

@home: +46 13 177937
Email: [EMAIL PROTECTED]
http://www.telkel.com
http://www.jboss.org
http://www.dreambean.com

