Re: [Simple-support] Running in applet
From: Niall G. <gal...@ya...> - 2011-03-18 10:19:43
This is true of any code, if you control your applet codebase then just don't allow code you don't know to be loaded. Simple is no different to anything else. If you control your codebase, then you know, only methods with annotations can be invoked. You are in control here. If it were XML schemas without any annotations like for example castor etc. then that's another issue. But if it's not annotated, it cannot be invoked by Simple.

--- On Thu, 17/3/11, Steve Martins <Ste...@te...> wrote:

From: Steve Martins <Ste...@te...>
Subject: [Simple-support] Running in applet
To: Sim...@li...
Received: Thursday, 17 March, 2011, 9:05 AM

Hi,

I am trying to deserialize an XML string within an applet, however due to security restrictions I am getting an exception for accessDeclaredMembers:

java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)

I have found the following:

accessDeclaredMembers: This target grants permission to access the declared members of a class. Granting this permission allows code to query a class for its public, protected, default (package), and private fields and methods. Although the code would have access to the private and protected field and method names, it would not have access to the private and protected field data and would not be able to invoke any private methods. Nevertheless, malicious code may use this information to better aim an attack. Additionally, malicious code might invoke any public methods or access public fields in the class, which could be dangerous if the code would normally not be able to invoke those methods or access the fields because it cannot cast the object to the class or interface with those methods and fields.

So this seems like it is a security issue, but how best to get around this? Has anyone else come up against this problem?

Thanks,

Steve Martins
Senior Systems Developer
Tel: +44 (0) 1908 684600
Mobile: +44 (0) 7500 956260
www.tensator.com / mailto:ste...@te...
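The permission text quoted in the thread separates seeing member names from reading member data. The following is an added example, not code from the thread or from Simple, that shows the distinction with plain reflection; the `Account` class, its members and its values are constructed for illustration.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;

// Constructed sample class, not part of Simple or of the thread.
class Account {
    public String owner = "alice";      // constructed value
    private String pin = "0000";        // constructed value
    private void resetPin() { pin = "0000"; }
}

public class DeclaredMembersDemo {
    // Lists every declared field and method, whatever its visibility.
    // getDeclaredFields()/getDeclaredMethods() are the calls a SecurityManager
    // guards with RuntimePermission("accessDeclaredMembers").
    static void listMembers(Class<?> type) {
        for (Field f : type.getDeclaredFields()) {
            System.out.println("field  " + Modifier.toString(f.getModifiers()) + " " + f.getName());
        }
        for (Method m : type.getDeclaredMethods()) {
            System.out.println("method " + Modifier.toString(m.getModifiers()) + " " + m.getName());
        }
    }

    public static void main(String[] args) throws Exception {
        Account account = new Account();
        listMembers(Account.class);

        // Public data is readable through reflection.
        Field owner = Account.class.getDeclaredField("owner");
        System.out.println("owner = " + owner.get(account));

        // The private field's name was listed above, but its value is not
        // readable without setAccessible(true), which is governed by a
        // separate permission: ReflectPermission("suppressAccessChecks").
        Field pin = Account.class.getDeclaredField("pin");
        try {
            pin.get(account);
            System.out.println("pin was readable (unexpected)");
        } catch (IllegalAccessException e) {
            System.out.println("pin value not readable: " + e.getClass().getSimpleName());
        }
    }
}
```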