From: Tim A. <tm...@ne...> - 2003-07-29 11:42:06
|
> From: ope...@li... > [mailto:ope...@li...]On Behalf Of George > Mullen > > I too prefer method [2] based on the ip address and java.rmi.server.UID. > However a couple of point to bear in mind > i) the IP address may default to loopback 127.0.0.1 if the java code is > untrusted. This can happen in the case of unsigned applets or servier > side code running in third part containers which have local java > security policies. True - I don't know of any easy workaround in this case. If a client can't determine its host, it could always be assigned a unique id from the server, and concatenate the UID to that. > > ii) It is possible to get an ID collision if the UID class is loaded > into different classloaders running on the same host e.g separate jvm > processes, different web apps in Tomcat, different SAR in Phoenix. I don't know if this can happen, as the UID class is loaded by the JVM. > > Regards > George |