RFD: Services lockdown for security providers
Peter Firmstone
peter.firmstone at zeus.net.au
Wed May 24 23:05:36 UTC 2023
Or this, which is an example of limiting a codebase by its SHA-384
signature:
https://github.com/pfirmstone/JGDMS/blob/14608ea34eb7c109d41e296a62669522862f6a49/qa/harness/policy/defaultsecuretest.policy#L2241
--
Regards,
Peter Firmstone
0498 286 363
Zeus Project Services Pty Ltd.
On 25/05/2023 8:48 am, Peter Firmstone wrote:
> These are examples of how we currently lock down the JVM to limit
> providers. Policy files are generated using a tool. It may do as an
> interim control measure until something else is provided. It is, of
> course, a deprecated feature, subject to future removal, but it may do
> the job temporarily, without introducing code dependencies.
>
> https://github.com/pfirmstone/JGDMS/blob/14608ea34eb7c109d41e296a62669522862f6a49/qa/harness/policy/defaultsecuretest.policy#LL194C27-L194C27
>
>
> https://github.com/pfirmstone/JGDMS/blob/14608ea34eb7c109d41e296a62669522862f6a49/qa/harness/policy/defaultsecuretest.policy#L621
>
>
> https://github.com/pfirmstone/JGDMS/blob/14608ea34eb7c109d41e296a62669522862f6a49/qa/harness/policy/defaultsecuretest.policy#L644
>
>
> https://github.com/pfirmstone/JGDMS/blob/14608ea34eb7c109d41e296a62669522862f6a49/qa/harness/policy/defaultsecuretest.policy#L688
>
>