Against external attacks, Drools supports knowledge base signing and checking using standard asymmetric key infrastructure. Regarding the web application, I will let one of the Guvnor guys talk about it. Against internal attacks, i.e., someone deliberately adding a malicious rule into the application, the only way is through company policies and processes that ensure a workflow for rule approval. Drools offers audit logs (runtime) and standard versioning history (in Guvnor, authoring time) to track changes.

Edson

On Wed, Nov 9, 2011 at 11:42 AM, kapokfly <[email protected]> wrote:

> Not sure if anyone can share their experiences what kind of test cases on
> Drools security should be developed and ensured?
>
> As the rule is just a piece of code in String format which can be hooked
> into JVM, we can assume that might open some holes and necessary security
> test cases need to be designed against.
>
> Anyone can share their experiences on this?
>
> Thanks...
>
> --
> View this message in context:
> http://drools.46999.n3.nabble.com/Security-test-cases-for-Drools-tp3494072p3494072.html
> Sent from the Drools: User forum mailing list archive at Nabble.com.
> _______________________________________________
> rules-users mailing list
> [email protected]
> https://lists.jboss.org/mailman/listinfo/rules-users
>

--
Edson Tirelli
JBoss Drools Core Development
JBoss by Red Hat @ www.jboss.com
