1 Reply Latest reply on Feb 22, 2003 11:14 PM by tom.elrod

    Security and dynamic classloading

    adrian.brock Feb 22, 2003 3:49 AM

      We cannot allow dynamic classloading
      without a security manager (sandbox)
      or at least some explicit configuration saying it is ok.

      Unless the dynamically loaded class is run in a
      sandbox, malicous code could control of the
      server.

      Regards,
      Adrian

      • 12603 Views
      • Tags:
        • 1. Re: Security and dynamic classloading
          tom.elrod Feb 22, 2003 11:14 PM (in response to adrian.brock)

          I agree. I think that we should try to fit both (classloading and security) in on interceptor stack. My personal feeling is that the interceptor stack should be added within the invoker handler and not part of the invoker itself (which should be purely transport). That way hander implementation can determine what is needed (security, transaction , etc.).

            • Actions