Implementing security

Ábrahám Endre

July 6, 2015, 6:34:02 AM
To: mozill...@googlegroups.com
Hi

I'm trying to implement some security in my Java application; it's quite insecure that a script writer can read/write anything to the filesystem and can use the network unmonitored.
I know ClassShutter is not enough and not an efficient way to do this (do I have to manually shut off every FileIO and network class?); there is something about a SecurityController, but for that I have to specify JVM BYTECODE FOR MY CLASS????
The MDN documentation about this is incomplete and outdated; there are some words about this on Stack Overflow, but not enough, and the javadoc is deficient too.
Hope someone can help me out; I've been struggling with this for weeks now. Thank you.

Harshad RJ

July 6, 2015, 7:13:46 AM
To: mozill...@googlegroups.com
Hi,

You are right; you have to install a SecurityManager. But it is a large topic, and it is important to understand the details, since a missing detail can compromise the security. Here's a very brief summary:

The sandboxing works via a permission mechanism. Permissions can be defined by extending the Permission class. There are many predefined permissions (for File i/o, Network i/o, etc).

Whenever a critical function needs to be executed, the function asks the security manager whether the calling context has the necessary permission. For example, if you call File.delete(), that function will call SecurityManager.checkDelete(). This function will check that all code on the current stack has been granted the permission to delete that file.

Now, how do you give different permissions to different parts of your code (for example, scripts)? The class loader which loads a class has to specify the source (location) of the class, i.e. from which jar file or URL it was loaded. Based on this source field, and the security policy in place, the permissions are granted / denied.

We have implemented this in gngr. You can have a look at LocalSecurityPolicy and the Window class, to get an idea.

Feel free to ask more questions.

best,
--
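
The permission check and source-based policy described in the reply above, as an added example in plain JDK code (not from the thread, gngr or Rhino): a Policy keyed on the CodeSource location, with the script's origin simulated by an AccessControlContext instead of a real class loader. The class name, the script URL prefix and the /tmp/sandbox directory are assumptions.

```java
import java.io.File;
import java.io.FilePermission;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.*;
import java.security.cert.Certificate;

// Runs on JDK 8-17 (JDK 18-23 need -Djava.security.manager=allow). The SecurityManager
// is deprecated since Java 17 (JEP 411) and cannot be enabled on JDK 24+ (JEP 486).
public class SandboxDemo {
    // Assumed values: where untrusted scripts "come from" and the one directory they may read.
    static final String SCRIPT_PREFIX = "http://scripts.example/";
    static final String SANDBOX_DIR = "/tmp/sandbox";

    // Policy keyed on CodeSource location: scripts may only read SANDBOX_DIR,
    // all other code (the host application and the JDK) is fully trusted.
    static class SourcePolicy extends Policy {
        private final Permission scriptRead = new FilePermission(SANDBOX_DIR + "/-", "read");
        @Override
        public boolean implies(ProtectionDomain pd, Permission perm) {
            CodeSource cs = pd.getCodeSource();
            URL loc = (cs == null) ? null : cs.getLocation();
            boolean script = loc != null && loc.toString().startsWith(SCRIPT_PREFIX);
            return !script || scriptRead.implies(perm);
        }
    }

    // Runs the action as if code loaded from SCRIPT_PREFIX were on the call stack.
    static String runAsScript(String label, PrivilegedAction<Boolean> action) {
        try {
            CodeSource cs = new CodeSource(new URL(SCRIPT_PREFIX + "user.js"), (Certificate[]) null);
            // 4-argument constructor: a dynamic domain, so the installed Policy is consulted.
            ProtectionDomain pd = new ProtectionDomain(cs, null, null, null);
            AccessControlContext acc = new AccessControlContext(new ProtectionDomain[] { pd });
            return label + ": allowed, result=" + AccessController.doPrivileged(action, acc);
        } catch (SecurityException | MalformedURLException e) {
            return label + ": denied (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        Policy.setPolicy(new SourcePolicy());          // set the policy before enabling checks
        System.setSecurityManager(new SecurityManager());
        File f = new File(SANDBOX_DIR, "data.txt");
        System.out.println(runAsScript("script exists()", f::exists)); // needs read: granted
        System.out.println(runAsScript("script delete()", f::delete)); // needs delete: refused
        System.out.println("host exists(): " + f.exists());            // host code is unrestricted
    }
}
```

The delete is refused before the filesystem is touched, because the check takes the intersection of every domain on the stack and the script domain holds only the read permission.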