This is the mail archive of the java@gcc.gnu.org mailing list for the Java project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: JSP Servlet container / WEB server

From: Mark Wielaard <mark at klomp dot org>
To: gnustuff at thisiscool dot com
Cc: Andrew Haley <aph at redhat dot com>, java at gcc dot gnu dot org, Lars Andersen <lars at rimfaxe dot com>
Date: 20 Jul 2003 15:26:47 +0200
Subject: Re: JSP Servlet container / WEB server
References: <NHANK1VYXCOLRQDAZW62C9B0A5IDG.3f1a9105@p733>

Hi,

On Sun, 2003-07-20 at 14:54, Mohan Embar wrote:
> > > I don't recall if I'm remembering this correctly, but isn't gcj somewhat
> > > lacking in things like class verification and maybe even security checks?
> >
> >This is true.  The gcj libraries don't implement the Java security
> >sandbox.
> 
> Do they not implement this at all? Maybe not a true applet sandbox, but I
> see lots of SecurityManager calls in the net code for example. I haven't
> followed these to see if they lead anywhere, though.

Most of the security framework/support is in the libraries. There are
only a few last issues with the byte code verifier. And java.util.jar
should correctly assign certificates from classes loaded from jar files
which is currently not implemented. But the big missing thing is
java.security.AccessController. This is were most of the security checks
end up and if you look at the implementation you will see that it is
just stubs at the moment.

Cheers,

Mark

References:
- Re: JSP Servlet container / WEB server
  - From: Mohan Embar

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]