> I have just realized that we probably need to become more security > concerned than we have been so far. > > Anyone has any thoughts on this topic?
I don't understand your situation entirely, apologies if I'm way off base, and I suspect you want to go with standard Java approaches to managing security. But... I'll throw out $0.02 that most security is based on access control lists, and those are 9 times out of 10 fundamentally flawed. A different and often mostly better approach that might be worth thinking about is to use 'object capabilities' for authorization. sincerely. _______________________________________________ qi4j-dev mailing list [email protected] http://lists.ops4j.org/mailman/listinfo/qi4j-dev
