
Re: security audit: msg#00192

jakarta.velocity.user

Subject: Re: security audit

----- Original Message -----
From: "Will Glass-Husain" <wglass@xxxxxxxxx>
To: <velocity-user@xxxxxxxxxxxxxxxxxx>
Sent: Friday, May 30, 2003 7:29 PM
Subject: Re: security audit


> Attila,
>
> Thanks for the quick explanation of Java security policies. It's still not
> immediately obvious to me how to configure this, but your email gives some
> pointers. As I understand it, this will require (A) some patching of the
> Velocity source to implement Privileged Action and (B) editing the
> catalina.policy file in my Tomcat conf directory. Does this seem about
> right?

Yes. The easiest way to discover where to put privileged actions is to use
the permission sniffer I pointed you to (nota bene: the instructions on the
site are wrong. Don't put the jar in the classpath, but rather in the boot
classpath, or in the ext directory of the JRE). Out of curiosity, I just ran
it on the FreeMarker test suite and, as it turned out, it needed privileged
actions only for file I/O and for accessing system properties. I believe
Velocity will turn out to be quite similar. One thing to keep in mind is
that in some places you will want to enclose code in privileged actions, and
in other places you'll want to leave the code as-is so that the caller's
permission restrictions remain effective. I.e. one possible candidate is code
that triggers accessClassInPackage.* permission checks - if the caller of the
merge() method doesn't have permission to access a certain class, then it
shouldn't be able to do it through invoking a template either.

Actually, I estimate that properly setting up the policy file will be the
larger part of the work.

Attila.
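
The split described in the message above, sketched as an added example (not code from Velocity, FreeMarker or the original post): engine-internal file I/O and system-property reads are wrapped in privileged actions, while class lookups made on behalf of a template are left unwrapped. The class and method names are hypothetical, and the sketch assumes a JVM running under a security manager with a policy file; `java.security.AccessController` is deprecated for removal since Java 17.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

// Hypothetical helper class for illustration; not part of any template engine.
public final class EngineInternals {

    // Engine-internal system property read. Inside doPrivileged the permission
    // check stops at this frame, so the policy only needs to grant
    // PropertyPermission to the engine's code source, not to callers of merge().
    static String readProperty(final String key) {
        return AccessController.doPrivileged(
                (PrivilegedAction<String>) () -> System.getProperty(key));
    }

    // Engine-internal file I/O (for example, loading a template file).
    // The path must be one the engine itself decided on: a privileged block
    // that reads a caller-supplied path lends the engine's FilePermission
    // to that caller.
    static byte[] readTemplate(final String enginePath) throws IOException {
        try {
            return AccessController.doPrivileged(
                    (PrivilegedExceptionAction<byte[]>) () ->
                            Files.readAllBytes(Paths.get(enginePath)));
        } catch (PrivilegedActionException e) {
            // Only checked exceptions are wrapped; here that is IOException.
            throw (IOException) e.getException();
        }
    }

    // Class lookup requested by a template: deliberately NOT privileged.
    // Any accessClassInPackage.* check raised while loading is evaluated
    // against the whole call stack, including the caller of merge(), so a
    // caller without that permission cannot obtain the class via a template.
    static Class<?> resolveForTemplate(final String className)
            throws ClassNotFoundException {
        return Class.forName(className);
    }

    private EngineInternals() { }
}
```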

