Re: [GNU Crypto] how to deal with weak keys. was: Documentation
From: Raif S. Naffah
Subject: Re: [GNU Crypto] how to deal with weak keys. was: Documentation
Date: Sat, 7 Jun 2003 06:36:12 +1000
User-agent: KMail/1.5.1
hello Marcel,
On Fri, 6 Jun 2003 11:26 pm, Marcel Winandy wrote:
> Raif S. Naffah wrote:
> > > There is another issue about the security manager. The security
> > > manager can be exchanged or even absent. Since J2SE, it is better
> > > to use the Access Controller directly because it is always
> > > present and cannot be exchanged.
noted.
> > can you point to example code?
>
> Consider a class "A" providing a method "getSecret()". There is a
> permission class, "MyPermission", to access A's getSecret() method. A
> named permission, called "getSecret", is created and checked in the
> getSecret() method.
>
> Using the security manager you would first check for its presence:
> -------------------------------------------
> SecurityManager sm = System.getSecurityManager();
> if (sm != null) {
>     /* verify permission */
> }
> -------------------------------------------
>
> However, newer Java versions delegate all requests to the
> AccessController which implements the standard access control
> algorithm. The AccessController is always present and cannot be
> altered during runtime. The example code according to class "A" will
> look like this when using the AccessController directly:
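> ---------------------------------------------------------------------
> // needs java.security.AccessController and java.security.AccessControlException
> public Object getSecret() {
>     try {
>         AccessController.checkPermission(new MyPermission("getSecret"));
>     }
>     catch (AccessControlException e) {
>         // output: Access denied!
>         return null; // fail closed: do not fall through to "return secret"
>     }
>     return secret;
> }
> ---------------------------------------------------------------------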
ok.
> It is strongly recommended to use the AccessController instead of a
> security manager (see [2]). The example is taken from [1].
noted.
>
> Bye,
> Marcel
>
> [1] M. Winandy, A.B. Cremers, A. Spalka, H. Langweg, "Protecting Java
> Component Integrity Against Trojan Horse Programs", Integrity and
> Internal Control in Information Systems V, Kluwer, 2003.
is there an on-line version of this paper?
> [2] L. Gong, "Inside Java 2 Platform Security", Addison-Wesley, 1999.
cheers;
rsn
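The check discussed in this thread, as an added example that is not part of the original messages or of GNU Crypto: the same `getSecret()` guard is enforced with no security manager installed, and a denied check cannot fall through to the return. `TogglePolicy`, `attempt` and the sample secret are hypothetical names and values; it assumes a JDK on which `java.security.AccessController` is still operational (the API is deprecated for removal since Java 17).

```java
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.BasicPermission;
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;

public class AccessControllerDemo {
    // Named permission guarding A.getSecret(), as in the quoted message.
    static final class MyPermission extends BasicPermission {
        MyPermission(String name) { super(name); }
    }

    static final class A {
        private final Object secret = "constructed-sample-secret";
        // Fail closed: a denied check throws, so "return secret" is never reached.
        public Object getSecret() {
            AccessController.checkPermission(new MyPermission("getSecret"));
            return secret;
        }
    }

    // Hypothetical demo policy: grants only MyPermission("getSecret"), and only when enabled.
    static final class TogglePolicy extends Policy {
        volatile boolean grant;
        @Override
        public boolean implies(ProtectionDomain domain, Permission p) {
            return grant && p instanceof MyPermission && "getSecret".equals(p.getName());
        }
    }

    // Hypothetical helper: reports the outcome instead of handing back the secret on denial.
    static String attempt(A a) {
        try {
            return "granted: " + a.getSecret();
        } catch (AccessControlException e) {
            return "denied: " + e.getPermission().getName();
        }
    }

    public static void main(String[] args) {
        TogglePolicy policy = new TogglePolicy();
        Policy.setPolicy(policy); // the policy in effect is what AccessController consults
        System.out.println("SecurityManager present: " + (System.getSecurityManager() != null));
        A a = new A();
        System.out.println(attempt(a)); // policy withholds the permission
        policy.grant = true;
        System.out.println(attempt(a)); // policy now grants it
    }
}
```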