ObjectWeb Consortium
Search ObjectWeb Mail Archive: 

Advanced Search - Powered by Google


Mail Archive Home | proactive List | April 2006 Index

<--  Date Index  --> <--  Thread Index  -->

Re: [proactive] security policies


Thanks for replying, Mario!

> I imagine the security restrictions will depend on the features used.
Well yes, I imagine so too :-). For now I'm only using the basic features
of ProActive; activating some objects and calling methods on them. I do
have custom Activities but there's no impact on security there.

I hope somewhere is the knowledge and/or documents about which permissions
are actually needed for which features... or at least the minimal set
required for basic usage...

thanks in advance all,
best regards,
Ward




|---------+------------------------------>
|         |           Mario Leyton       |
|         |           <Mario.Leyton@sophi|
|         |           a.inria.fr>        |
|         |                              |
|         |           19-04-2006 14:11   |
|         |                              |
|---------+------------------------------>
  
>-----------------------------------------------------------------------------------------------------------------------|
  |                                                                           
                                            |
  |       To:       ward.vanlooy@xxxxxx                                       
                                            |
  |       cc:       proactive@xxxxxxxxxxxxx                                   
                                            |
  |       Subject:  Re: [proactive] security policies                         
                                            |
  
>-----------------------------------------------------------------------------------------------------------------------|




Hello,

With respect to the Unicore permissions.  As you mention, since the
above line already allows AllPermission,  the Unicore lines don't really
have an effect on the security policy. They are there, simply to keep
track of what permissinos are used by the Unicore deployment module, in
case some day the AllPermission grant is fine grained.

Unfortunately, I am not familiar with other security issues in
ProActive, but perhaps someone else in the list can help. I imagine the
security restrictions will depend on the features used.

Mario

ward.vanlooy@xxxxxx wrote:

>Hello all,
>
>I am trying to run my ProActive application in an environment which has
>various security restrictions. I can't use the policy file delivered with
>ProActive but I can somewhat edit the policies that are in place.
>Now, looking at the proactive.java.policy file as distributed with
>ProActive, it looks exactly like this:
>
>============= BEGIN proactive.java.policy
>======================================
>grant {
>  permission java.security.AllPermission;
>
>  // Reflect access private Members
>  // Used by:
>  //         -Unicore Process
>  permission java.lang.RuntimePermission "accessDeclaredMembers";
>  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
>};
>============= END proactive.java.policy
>======================================
>
>Given the AllPermission is granted, I wonder if the other two permissions
>are necessary and if they make a difference? I haven't had a situation
>where commenting them out made a difference.
>
>Anyway, my main question is: can you be more specific about which
>permissions ProActive actually needs? Granting AllPermissions is not
>allowed on one of our target environments so I was hoping it's possible to
>define a minimal set of permissions needed so I can see if those are
>allowed. Or does it really require all permissions?
>
>
>with kindest regards & thanks in advance,
>Ward Van Looy
>
>
>
>
>This e-mail and any attached files are confidential and may contain
>information which is protected by intellectual property rights. If you
>are not the addressee named above any disclosure, reproduction, copying,
>distribution, or other dissemination or use of this communication is
>prohibited. If you have received this transmission in error, please
>notify the sender immediately and destroy this e-mail.
>This e-mail does not contain any professional advice and does not
>constitute an offer regarding any financial, banking, insurance or other
>product service toward the addressee. If you like to obtain specific
>information, professional advice, an offer, or want to contract you have
>to contact the KBC company mentioned above, its branch or agent.
>E-mail transmission cannot be guaranteed to be secure or error free as
>information could be intercepted, corrupted, lost, destroyed, arrive
>late or incomplete, or contain viruses.  The sender therefore does not
>accept liability for any errors or omissions in the contents of this
>message, and shall have no liability for any loss or damage suffered by
>the user, which arise as a result of e-mail transmission.
>
>
>
>------------------------------------------------------------------------
>
>
>
>


--
You receive this message as a subscriber of the proactive@xxxxxxxxxxxxx
mailing list.
To unsubscribe: mailto:proactive-unsubscribe@xxxxxxxxxxxxx
For general help: mailto:sympa@xxxxxxxxxxxxx?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws






This e-mail and any attached files are confidential and may contain
information which is protected by intellectual property rights. If you
are not the addressee named above any disclosure, reproduction, copying,
distribution, or other dissemination or use of this communication is
prohibited. If you have received this transmission in error, please
notify the sender immediately and destroy this e-mail.
This e-mail does not contain any professional advice and does not
constitute an offer regarding any financial, banking, insurance or other
product service toward the addressee. If you like to obtain specific
information, professional advice, an offer, or want to contract you have
to contact the KBC company mentioned above, its branch or agent.
E-mail transmission cannot be guaranteed to be secure or error free as
information could be intercepted, corrupted, lost, destroyed, arrive
late or incomplete, or contain viruses.  The sender therefore does not
accept liability for any errors or omissions in the contents of this
message, and shall have no liability for any loss or damage suffered by
the user, which arise as a result of e-mail transmission.



<--  Date Index  --> <--  Thread Index  -->

Reply via email to:

Powered by MHonArc.

Copyright © 1999-2005, ObjectWeb Consortium | contact | webmaster.