Hi all!
I agree with Gunnar on this one.
2008-11-25 18.00, Gunnar Peterson wrote:
maybe the problem with least privilege is that it requires that
developers:
1. define the entire universe of subjects and objects
2. define all possible access rights
3. define all possible relationships
Has anyone had experience using Sword4J to determine permissions?
http://www.alphaworks.ibm.com/tech/sword4j
From the site: The Authorization Analysis functionality determines
which authorizations are needed in order to run Java code when a
SecurityManager is enabled. The Privilege Code Analysis