This page contains an archived post to the Design Forum (formerly called the Flexible Java Forum) made prior to February 25, 2002.
Message:
security of applications with class reloading
Posted by Hamish Cunningham on September 01, 2000 at 6:35 AM
Hi,

I have an application that makes public the class loader method that takes an array of bytes etc. and returns a Class. It also has a run-time compiler based on some (naughty) use of the sun.tools package. Both of these seem to make the application very insecure, particularly as it allows the loading of user code (this code could potentially do anything it likes by using the run-time compiler, or defineClass, to import other code that doesn't conform to the interfaces that we allow to load).

The solution that I'm thinking of is: deliver the application as a sealed jar file; make the run-time compiler and the defineClass method only allow processing of classes that are in the same package as the sealed jar contains. Does this make any sense?

If you're interested, the application in question is at http://gate.ac.uk/

Thanks,

Dr. Hamish Cunningham
Research Fellow in Computer Science, University of Sheffield
http://www.dcs.shef.ac.uk/~hamish
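The package restriction on defineClass proposed in the post above, sketched as an added example (not code from the post or from the application it mentions). The package `plugins`, the class `GuardedLoader`, the method `defineChecked` and the use of `Runnable` as the permitted interface are all assumptions made for illustration.

```java
package plugins; // hypothetical package standing in for the one shipped in the sealed jar

import java.io.IOException;
import java.io.InputStream;

public class GuardedLoader extends ClassLoader {
    private final String allowedPackage; // assumed allowlist: exactly one package
    private final Class<?> requiredType; // interface that loadable classes must implement

    public GuardedLoader(ClassLoader parent, String allowedPackage, Class<?> requiredType) {
        super(parent);
        this.allowedPackage = allowedPackage;
        this.requiredType = requiredType;
    }

    // The only public route from raw bytes to a Class; defineClass itself stays protected.
    public Class<?> defineChecked(String name, byte[] bytes) {
        int dot = (name == null) ? -1 : name.lastIndexOf('.');
        if (dot < 0 || !name.substring(0, dot).equals(allowedPackage)) {
            throw new SecurityException("package not allowed: " + name);
        }
        // defineClass throws NoClassDefFoundError when the name recorded in the bytes
        // differs from 'name', so mislabeled bytes cannot slip past the package check.
        Class<?> c = defineClass(name, bytes, 0, bytes.length);
        if (!requiredType.isAssignableFrom(c)) { // defined, but never initialized or returned
            throw new SecurityException(name + " is not a " + requiredType.getName());
        }
        return c;
    }

    static class Sample implements Runnable { public void run() { } } // constructed test class

    static String attempt(GuardedLoader l, String name, byte[] bytes) {
        try {
            return "defined " + l.defineChecked(name, bytes).getName();
        } catch (SecurityException | LinkageError e) {
            return "rejected " + name + " (" + e.getClass().getSimpleName() + ")";
        }
    }

    static byte[] bytesOf(String resource) throws IOException {
        try (InputStream in = GuardedLoader.class.getResourceAsStream(resource)) {
            return in.readAllBytes(); // Java 9+
        }
    }

    public static void main(String[] args) throws IOException {
        GuardedLoader l = new GuardedLoader(GuardedLoader.class.getClassLoader(), "plugins", Runnable.class);
        byte[] sample = bytesOf("GuardedLoader$Sample.class"), self = bytesOf("GuardedLoader.class");
        System.out.println(attempt(l, "other.Evil", sample));                    // outside the package
        System.out.println(attempt(l, "plugins.Renamed", sample));               // name/bytes mismatch
        System.out.println(attempt(l, "plugins.GuardedLoader", self));           // lacks the interface
        System.out.println(attempt(l, "plugins.GuardedLoader$Sample", sample));  // in package, is a Runnable
    }
}
```

Compile with `javac -d out GuardedLoader.java` and run with `java -cp out plugins.GuardedLoader`. The check limits which classes this entry point will define; it does not restrict what a defined class can do once it runs.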