Re: [GNU Crypto] how to deal with weak keys. was: Documentation


From: Raif S. Naffah
Subject: Re: [GNU Crypto] how to deal with weak keys. was: Documentation
Date: Sat, 7 Jun 2003 06:36:12 +1000
User-agent: KMail/1.5.1


hello Marcel,

On Fri, 6 Jun 2003 11:26 pm, Marcel Winandy wrote:
> Raif S. Naffah wrote:
> > > There is another issue about the security manager. The security
> > > manager can be exchanged or even absent. Since J2SE, it is better
> > > to use the Access Controller directly because it is always
> > > present and cannot be exchanged.

noted.


> > can you point to example code?
>
> Consider a class "A" providing a method "getSecret()". There is a
> permission class, "MyPermission", to access A's getSecret() method. A
> named permission, called "getSecret" is created and checked in the
> getSecret() method.
>
> Using the security manager you would first check for its presence:
> -------------------------------------------
>   SecurityManager sm = System.getSecurityManager();
>   if (sm != null) {
>      /* verify permission */
>   }
> -------------------------------------------
>
> However, newer Java versions delegate all requests to the
> AccessController which implements the standard access control
> algorithm. The AccessController is always present and cannot be
> altered during runtime. The example code according to class "A" will
> look like this when using the AccessController directly:
> -------------------------------------------
> public Object getSecret() {
>   try {
>     AccessController.checkPermission(new MyPermission("getSecret"));
>   }
>   catch (AccessControlException e) {
>     // output: Access denied!
>     throw e; // rethrow so a denied caller never reaches the return below
>   }
>   return secret;
> }
> -------------------------------------------

ok.


> It is strongly recommended to use the AccessController instead of a
> security manager (see [2]). The example is taken from [1].

noted.


>
> Bye,
>  Marcel
>
> [1] M. Winandy, A.B. Cremers, A. Spalka, H. Langweg, "Protecting Java
> Component Integrity Against Trojan Horse Programs", Integrity and
> Internal Control in Information Systems V, Kluwer, 2003.

is there an on-line version of this paper?


> [2] L. Gong, "Inside Java 2 Platform Security", Addison-Wesley, 1999.


cheers;
rsn
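The contrast discussed in this thread, as an added example that is not code from either poster or from GNU Crypto: the same guarded getter written once with the null-checked security manager and once with AccessController. The names SecretDemo and getSecretViaSecurityManager are hypothetical; it assumes a compiled class run from the classpath with the default policy, on a JDK that still ships these APIs (they are deprecated for removal since Java 17).

```java
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.BasicPermission;

// Added illustration; A, MyPermission and "getSecret" follow the thread's example.
public class SecretDemo {
    // Named permission guarding A.getSecret(), as described in the thread.
    static final class MyPermission extends BasicPermission {
        MyPermission(String name) { super(name); }
    }

    static final class A {
        private final Object secret = "s3cr3t (constructed sample value)";

        // Security-manager style: the check is skipped entirely when no
        // manager is installed, so the guard depends on runtime setup.
        Object getSecretViaSecurityManager() {
            SecurityManager sm = System.getSecurityManager();
            if (sm != null) {
                sm.checkPermission(new MyPermission("getSecret"));
            }
            return secret;
        }

        // AccessController style: the check always runs. A denial propagates
        // as AccessControlException, so the secret is not returned on failure.
        Object getSecret() {
            AccessController.checkPermission(new MyPermission("getSecret"));
            return secret;
        }
    }

    public static void main(String[] args) {
        A a = new A();
        // With no security manager installed, this path performs no check.
        System.out.println("SecurityManager path returned a value: "
                + (a.getSecretViaSecurityManager() != null));
        try {
            a.getSecret();
            System.out.println("AccessController path: granted by policy");
        } catch (AccessControlException e) {
            // The policy in effect does not grant MyPermission to this code.
            System.out.println("AccessController path: Access denied! " + e.getPermission());
        }
    }
}
```

Granting the permission takes a policy entry for the code's location, supplied with -Djava.security.policy.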




