Registered: May, 2003
Re: It's insecure code!
Posted: May 27, 2003 12:50 PM
> > Sure, you'll feel safe, but there will be a whole lot
> > other things you won't be able to do. What is needed is
> > proper security policy file that lists EXACTLY what you
> > are and are not allowed to do.
> > I am yet to discover a company that runs their
> > applications with security managers.
> > Heinz
> J2EE application servers rely on security managers to
> enforce J2EE coding restrictions.
> Furthermore, establishing a correct policy file is easier
> than it seems using tools like Stu Halloway's permission
> A tool like that is not even particularly hard to write
> yourself. Create a custom SecurityManager that permits
> everything your app needs during normal operation and log
> all permissions requested. Dump them in a policy format at
> the end.
Sure, it is not hard to write, but if you look at standard Java applications (i.e. standalone, not running on an application server), I bet that very few developers would spend the time writing them correctly. Or maybe I have just not seen the right types of projects?
So, let's not worry whether this is insecure or not. It is plain stoooooopid to do something like this, and I am almost 100% sure that you won't find such code anywhere in a real system. It is just amusing to see that two different constant Strings can be made to equal each other :-)
Or maybe we could tackle the big problem of i18n like this? *evil grin*