[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: gnu.java.nio.FileChannelImpl
|
From: |
Michael Koch |
|
Subject: |
Re: gnu.java.nio.FileChannelImpl |
|
Date: |
Fri, 26 Nov 2004 11:57:53 +0100 |
|
User-agent: |
KMail/1.6.2 |
Am Freitag, 26. November 2004 11:45 schrieb Jeroen Frijters:
> Michael Koch wrote:
> > What do you do if someone writes a package gnu.foobar and wants
> > to access it ? There are some gnu.* packages out there.
>
> Hmm. Typically these won't be loaded by the bootstrap class loader,
> so it shouldn't be a problem, but if you want to avoid any possible
> problems we can also introduce a gnu.classpath.private.* package
> for all the classes that are privileged.
>
> > Do you want to
> > maintain the list of packages to allow ? The list of packages we
> > need to limit access too is much leaner and well known to us as
> > the packages are maintained under our control.
>
> Black listing isn't as secure as white listing. It's easy to forget
> to add a package and not having access to a package is better than
> having a security hole.
Thats true. We could automate it. E.g. we could write a script which
generates the list automatically during build time. Perhaps too much
overhead. The bootstrap class loader should to the trick. Hopefully.
Michael
--
Homepage: http://www.worldforge.org/
- Re: gnu.java.nio.FileChannelImpl, (continued)
- Re: gnu.java.nio.FileChannelImpl, Ewout Prangsma, 2004/11/26
- Re: gnu.java.nio.FileChannelImpl, Michael Koch, 2004/11/26
- Re: gnu.java.nio.FileChannelImpl, Ewout Prangsma, 2004/11/26
- Re: gnu.java.nio.FileChannelImpl, Michael Koch, 2004/11/26
- Re: gnu.java.nio.FileChannelImpl, Ewout Prangsma, 2004/11/26
RE: gnu.java.nio.FileChannelImpl, Jeroen Frijters, 2004/11/26
RE: gnu.java.nio.FileChannelImpl, Jeroen Frijters, 2004/11/26
RE: gnu.java.nio.FileChannelImpl, Jeroen Frijters, 2004/11/26
RE: gnu.java.nio.FileChannelImpl, Jeroen Frijters, 2004/11/26