Raoul Duke wrote:
IHMO, Niclas is talking about the Java
Sandbox/SecurityManager/AccessController. So it's not about security in
the sense of authorization against the application, but to provide means
for running a qi4j application in a restricted (sandboxed)
environment (e.g Google AppEngine). I started a similar thread last
year, but it got dormant (too early for it?):
http://lists.ops4j.org/pipermail/qi4j-dev/2008-June/002721.html
Cheers, Georg
I have just realized that we probably need to become more security
concerned than we have been so far.
Anyone has any thoughts on this topic?
I don't understand your situation entirely, apologies if I'm way off
base, and I suspect you want to go with standard Java approaches to
managing security. But... I'll throw out $0.02 that most security is
based on access control lists, and those are 9 times out of 10
fundamentally flawed. A different and often mostly better approach
that might be worth thinking about is to use 'object capabilities' for
authorization.
sincerely.
_______________________________________________
qi4j-dev mailing list
[email protected]
http://lists.ops4j.org/mailman/listinfo/qi4j-dev
_______________________________________________
qi4j-dev mailing list
[email protected]
http://lists.ops4j.org/mailman/listinfo/qi4j-dev
