Do we need a policy file and a security manager at all?

 
Ranch Hand
Posts: 75
I found that for some reason my server and client work fine w/o a policy file and a sec. manager. What's the point behind this fact? Do I need them at all?
 
Ranch Hand
Posts: 273
Do I need them at all?
Of course not, if it works without it. But look at the scenario they gave us. It is client-server programming, isn't it? Somewhere, someplace, security problems occur, don't they? Better to be on the safe side. My $0.02 suggestion.
-Bal
 
Roman Rytov
Ranch Hand
Posts: 75
I totally agree. But the question is whether to supply a fully unsecure policy file or not. As I see in the forum, a lot of people did it (I mean the policy file with the java.security.AllPermission property). But the point is, how can I test it :-) If on my machines it works fine w/o a policy file, what's the way to check the correctness of the file and other syntax?
 
Greenhorn
Posts: 28
Are you running security manager from within your client and server?
 
Bal Sharma
Ranch Hand
Posts: 273
...But the point is, how can I test it :-) If on my machines it works fine w/o a policy file, what's the way to check the correctness of the file and other syntax?
Roman:
I am confused here. How does it work if you have set the security feature on both the server and client side as below?

It is right, I do have a fully unsecure policy file like this.
    grant {
        permission java.security.AllPermission;
    };
When I want to run in remote mode, man! I have got to type a long lousy command to start the server, and I have also got to key in a lousy command to run the client. My commands are as follows.

If I misspell any one of them, it won't run the server OR the client. It complains a lot. But in local mode I just key in the easy one:
c:\scjd>java -jar client.jar
Hope it helps.
-Bal
[ February 19, 2002: Message edited by: Bal Sharma ]
 
Roman Rytov
Ranch Hand
Posts: 75
Bal, sorry for the delay with my answer. I got your point.
I tried my deployment in two ways. The first one is to put all the necessary server stubs into the client's jar. In this case there is no reason to use downloading of classes and hence no need for RMISecurityManager, a policy file and the codebase property.
Another way is not to put any remote stubs into the client jar, but in this case we need the codebase, RMISecurityManager and a policy file (in my case for running the server and for the client also).
So I chose the first case. Not to put stubs into the client jar and provide necessary instructions for a tester how to change all options in the command line.
What do you think?
[ February 22, 2002: Message edited by: Roman Rytov ]
 
Bal Sharma
Ranch Hand
Posts: 273
Roman:
Choice is yours. You are the boss. This is your project and it is your company. Our goal is XXX/155, right! Watch out for my score XXX
Just a hint. This is my personal opinion; it is possible that a lot of people may not agree with this. Minimum requirements must be met, this is my approach. Additional features depend on you.
My instruction reads: ...command lines only take configuration parameters selected from this list. The last two are:
  • java.rmi.server.codebase
  • security manager policy file


I may be wrong, you could be right. I took it as an implied must requirement, because it is a client-server application. If there are no security features in a multiple-client environment, aren't we inviting hackers and crackers to break our system? I am silly, I thought RMISecurityManager had got to be there, although it works without it. I do not know.
Good luck Roman. Whatever you do, it does not matter, there are multiple right answers. But what you do, strongly defend it as what you think was the best available choice.
-Bal
[ February 22, 2002: Message edited by: Bal Sharma ]
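
One way to answer the "how can I test it" question raised in this thread, as an added example that is not any poster's code: a small probe class that reports whether a security manager is installed at all and which permissions the loaded policy actually grants. The names PolicyCheck and scjd.policy are hypothetical, and it assumes a JDK that still supports the Security Manager.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.AllPermission;
import java.security.Permission;

/*
 * Added example. Assumes a JDK that still supports the Security Manager
 * (deprecated for removal since Java 17). Run it twice and compare:
 *   java PolicyCheck
 *   java -Djava.security.manager -Djava.security.policy=scjd.policy PolicyCheck
 *
 * scjd.policy is a constructed file name. A scoped alternative to the
 * AllPermission grant, for RMI on localhost only, would be:
 *   grant {
 *       permission java.net.SocketPermission "localhost:1024-65535", "connect,accept,resolve";
 *   };
 */
public class PolicyCheck {

    /** True if the installed security manager lets this code use the permission. */
    static boolean granted(SecurityManager sm, Permission p) {
        try {
            sm.checkPermission(p);
            return true;
        } catch (SecurityException denied) {
            return false;
        }
    }

    public static void main(String[] args) {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            // Nothing enforces the policy file, so even a broken one "works".
            System.out.println("No security manager: policy file is not enforced");
            return;
        }
        Permission[] probes = {
            new AllPermission(),                                  // wide-open policy?
            new SocketPermission("localhost:1099", "connect"),    // default RMI registry port
            new FilePermission("<<ALL FILES>>", "write"),         // should stay denied
        };
        for (Permission p : probes) {
            System.out.println((granted(sm, p) ? "GRANTED " : "DENIED  ") + p);
        }
        if (granted(sm, probes[0])) {
            System.out.println("Policy grants AllPermission: the sandbox restricts nothing");
        }
    }
}
```

Adding -Djava.security.debug=policy to the second command makes the JVM print how the policy file was loaded, which helps when checking the file's syntax.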
     
    reply
      Bookmark Topic Watch Topic
    • New Topic