Michael Silk wrote:Of course they are, but it is pointless to have only ONE of them enabled. You need BOTH Security Manager and Verifier to start to have a Sandbox (and even then the Sandbox's security will depend on the security policies)"What is the point of the verifier?' , 'Why use it? and 'What are the The security manager allows you to restrict runtime-knowledge typeSure, but when you have a security policy that restricts access to sockets files, if the code you are trying to restrict is executed with -noverify, then there are ways around those restrictions and have 'unauthorized' access to those sockets or files. Ok, but what about the security manager?Given that the main attack vector (to exploit the lack of verification) I agree that in Option A) the value is not 99% (since the BEA/Tomcat/Webshepre code will take more that %1) But on Option B) (" Java code deployed to live systems is executed in an environment with the verifier disabled OR with the security manager disabled" ), which it the one that matters, we are still at 99% since the only code that falls outside that category (i.e. executed with the verifier AND the security manager enabled) is the mobile code which is executed under the default browser Java policies (we have to exclude the mobile Java code which requests and is granted more privileges). Am I the only one that finds it surprising that such a pillar of Java Security is not properly known and information about 'who does what' doesn't seem to be readily available?If not, what value should Option A and B be? 10%, 50%, 75?Download the app servers and check the documentation? I'd guess most Dinis Cruz Owasp .Net Project www.owasp.net |
_______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php
