This is the mail archive of the
java@gcc.gnu.org
mailing list for the Java project.
Re: [freenet-tech] Technology / Features
Hi,
On Mon, 2002-02-25 at 19:54, Brian Jones wrote:
>
> Unless I'm missing something, the libraries probably aren't doing
> enough of the required API level security checks that are supposed to
> be going on. Of course, I may be wrong. Classpath's default security
> provider does nothing anyway. Adam could be referring to something
> else.
Also note that our java.util.jar package does not do Certificate lookups
and checking which makes it impossible for the URLClassLoader to set the
ProtectionDomain correct for classes.
Letting java.util.jar handle Certificates correctly should not be such a
big/difficult task to implement (although it is a long time ago that I
implemented that package. And there is probably a reason that I didn't
implement it back then, but maybe it was just the fact that we had no
java.security yet. I don't really remember). So if someone is looking
for a fun thing to hack on...
Cheers,
Mark