[Aglets-users] Aglet Security Insanity
Status: Beta
Brought to you by:
cat4hire
From: Philip W. <phi...@ea...> - 2001-09-28 04:46:40
|
How could an aglet possibly arrive and even open a window in a context having an undefined/blank/empty aglets.policy file? There are API aglet permissions for "dispatch, clone, dispose, etc" - so why not for "arrive"? I am trying to secure my aglet server. I can not continue with aglet development or distribute a custom aglet server until it is secure. aglet.secure is set to true (even by default). To simplify, I have switched from my custom server app back to Tahiti. I do not understand how to impose codebase permissions such that the only aglets that may arrive are aglets created by a certain owner. Perhaps, I have not created my Tahiti2 keystore correctly - I don't know. The reason I decided to move back to Tahiti is as follows. In my custom server app, even if an aglet was created locally using an atp codebase, for some reason only the file codebase grants were applying. So I moved back to Tahiti and the atp grants are affecting the atp created aglets correctly. Now in my Tahiti2 execution, it is allowing Tahiti1 aglets to arrive via atp. For Tahiti1, I'm using the supplied keystore. For Tahiti2, I'm, using a custom keystore. My custom keystore has only one entry: "philmaker" alias (no "anonymous" alias). What I can not understand is how a foreign aglet could possibly even arrive at Tahiti2 when the aglets.policy file is completely blank. ???? Is it because every keystore must also have an anonymous entry and I also must grant permissions for owner "anonymous"? If so, how do I do that? Should I create another key with a blank password? Please help if you can, Philip Weaver |