[rfc][icedtea-web] Reflectively add URLPermission to SecurityDesc if available
Omair Majid
omajid at redhat.com
Tue Jul 15 15:19:22 UTC 2014
* Andrew Azores <aazores at redhat.com> [2014-07-15 11:12]:
> Which part? Just the URLPermission's port, or the downloadHost itself?
The port: it should match the port where the jars were downloaded from.
> Okay, the attached patch explicitly uses the "wildcard port" for
> URLPermission. I also added some new tests and cleaned up the existing
> SecurityDesc tests.
I think it would be more correct to match the source port (the port
where the jars were downloaded from). The patch seems more lax than what
the Same-Origin-Policy specifies. It's okay for now, but it should be
locked down further.
Thanks,
Omair
--
PGP Key: 66484681 (http://pgp.mit.edu/)
Fingerprint = F072 555B 0A17 3957 4E95 0056 F286 F14F 6648 4681
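
The difference between a wildcard-port and a source-port `URLPermission`, as an added example that is not part of the original message or of the IcedTea-Web patch. It assumes Java 8 or later and calls `java.net.URLPermission` directly rather than reflectively; the helper names, host and ports are constructed for illustration.

```java
import java.net.URL;
import java.net.URLPermission;

// Added illustration; not IcedTea-Web code. Requires Java 8+ (java.net.URLPermission).
public class UrlPermissionPortDemo {

    // Hypothetical helper: permission covering every port on the download host.
    static URLPermission wildcardPort(URL downloadHost) {
        return new URLPermission(
                downloadHost.getProtocol() + "://" + downloadHost.getHost() + ":*/-", "*:*");
    }

    // Hypothetical helper: permission restricted to the port the jars came from.
    static URLPermission sourcePort(URL downloadHost) {
        int port = downloadHost.getPort();          // -1 when the URL has no explicit port
        if (port == -1) {
            port = downloadHost.getDefaultPort();   // scheme default, e.g. 80 for http
        }
        return new URLPermission(
                downloadHost.getProtocol() + "://" + downloadHost.getHost()
                        + ":" + port + "/-", "*:*");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values.
        URL downloadHost = new URL("http://applets.example.com:8080/app/demo.jar");
        URLPermission sameOrigin =
                new URLPermission("http://applets.example.com:8080/api/data", "GET");
        URLPermission otherPort =
                new URLPermission("http://applets.example.com:9090/admin", "GET");

        URLPermission lax = wildcardPort(downloadHost);
        URLPermission strict = sourcePort(downloadHost);

        // implies() compares methods, headers, host range, port range and path.
        System.out.println("wildcard implies same origin: " + lax.implies(sameOrigin));
        System.out.println("wildcard implies other port:  " + lax.implies(otherPort));
        System.out.println("source   implies same origin: " + strict.implies(sameOrigin));
        System.out.println("source   implies other port:  " + strict.implies(otherPort));
    }
}
```

Only the source-port permission refuses the request to the second port; the wildcard form grants it, which is the gap relative to the Same-Origin Policy that the message points out.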