Security
Tim Boudreau
niftiness at gmail.com
Tue Mar 10 02:51:52 UTC 2015
>
> > I think there is definitely value in the module knowing what permissions
> > it needs to function, and to be shipped with those permissions. I think
> > that if this is combined with a configuration-specific verification
> > mechanism, this could allow users to express a level of trust the way
> > they do today for signed JARs, and/or perhaps be able to verify (at
> > install time) whether or not they want to go ahead with installing a
> > module with certain permissions.
>
> I can imagine building something like this, but would anyone use it?
>
Umm... no.

David, could you give a concrete example of what you're looking for?
Permissions like creating classloaders or accessing files or network - i.e.
security-manager applet-style stuff, or something else?

I don't think it works to discuss permissions in the abstract without an
explicit use case or two to understand what you're after and why.
> I've seen little evidence over the years of broad use of the fine-grained
> security model introduced way back in JDK 1.2. Do we really need to
> complicate the module system with permission declarations?
>
My instinct would be to make sure a module can provide metadata beyond just
what's in the spec, as you can with module manifests, so if someone wants
that they can implement it and do a tree of per-module SecurityManagers or
whatever; if it proves of broad value, it'd be a fine subject for its own
subsequent JSR. Happy to be convinced otherwise.
-Tim
http://timboudreau.com