1 Reply Latest reply on Feb 22, 2003 11:14 PM by Tom Elrod

    Security and dynamic classloading

    Adrian Brock Master

      We cannot allow dynamic classloading
      without a security manager (sandbox)
      or at least some explicit configuration saying it is ok.

      Unless the dynamically loaded class is run in a
      sandbox, malicous code could control of the
      server.

      Regards,
      Adrian

        • 1. Re: Security and dynamic classloading
          Tom Elrod Master

          I agree. I think that we should try to fit both (classloading and security) in on interceptor stack. My personal feeling is that the interceptor stack should be added within the invoker handler and not part of the invoker itself (which should be purely transport). That way hander implementation can determine what is needed (security, transaction , etc.).