Re: [Openjmx-devel] RMI adaptor and remote notifications

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Bordet, Simone wrote:

[...]

>Yes, using MLets you can download jars and install nasty MBeans. This definitely calls for a SecurityManager. There are some trick to be solved (for example how to update the policy file) though.
>
You can't update a policy file at run-time before JDK 1.4.

[...]

>2) it will add *a lot* of complexity for use of adaptors: login, credentials, permissions. And all dynamic. The JMX spec does not address security issues, these must be discussed here. For example there should be a super user that allows to add new management users (that then may login to a http adaptor). So, many security levels... it must be well thought.
>
It depends on the the level of security you want to provide.

Jerome.