Posted to dev@openwebbeans.apache.org by "Mark Struberg (JIRA)" <ji...@apache.org> on 2012/12/31 16:18:12 UTC

[jira] [Commented] (OWB-549) Security review needed for ClassUtil

    [ https://issues.apache.org/jira/browse/OWB-549?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13541388#comment-13541388 ] 

Mark Struberg commented on OWB-549:
-----------------------------------

The first step is to reduce the number of methods in ClassUtil. Especially trivial methods which do heavy reflection stuff are breaking our security.
In another step we will introduce commons-weaver + privilizer module to generate all the doPrivileged blocks for us.
                
> Security review needed for ClassUtil
> ------------------------------------
>
>                 Key: OWB-549
>                 URL: https://issues.apache.org/jira/browse/OWB-549
>             Project: OpenWebBeans
>          Issue Type: Bug
>    Affects Versions: 1.0.0, 1.1.0
>            Reporter: Mark Struberg
>            Assignee: Mark Struberg
>             Fix For: 1.2.0
>
>
> Our ClassUtil currently contains lots of static methods which might get used to void our security. These methods must get allowed in the SecurityManager, but are publicly callable.
