• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Too minimalistic policy files?

 
Pander Musubi
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
These are my policy files. I think these are as minimalistic as it can get. My question is, they aren't too restricting are they? Application works fine with it.
policy server side
grant {
permission java.io.FilePermission "*", "read,write";
permission java.net.SocketPermission "*:1024-65535", "connect,accept";
};
policy client side
grant {
permission java.net.SocketPermission "*:1024-65535", "connect";
};
 
Terry Martinson
Ranch Hand
Posts: 293
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I thought I read somewhere that if we start our registry programmatically, we don't need a policy file. Does anyone know if that's true or not?
TJ
 
Andrew Monkhouse
author and jackaroo
Marshal Commander
Pie
Posts: 12014
220
C++ Firefox Browser IntelliJ IDE Java Mac Oracle
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Pander & Terry,
Pander: it looks like you have the necessary permissions for loading remote files and listening on unsecured ports. So these permissions should be all you need. However:
  • You do not really need a security manager (see below)
  • These are very open security policies - they allow reading of any file, and connection to/from any address. While this is necessary since you do not know where your files are going to end up, you might want to make a note in your user documentation stating that your security policies are fairly insecure


  • If you install a SecurityManager, then you will need the policy files, regardless of whether you start the RMI Registry programatically or not.
    If you start the RMI Registry programatically, then you can avoid installing a Security Manager altogether. This is because the files to be loaded will be local (therefore no need for FilePermissions), and standard user policies for a stand alone application allow you to open connections to any internet address, and listen on any unsecured port (therefore no need for the SocketPermissions).
    Regards, Andrew
     
    Terry Martinson
    Ranch Hand
    Posts: 293
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Thanks for the great explanation Andrew!
    One other note: In some of the specs (i.e. mine which is 1.2.1 URLyBird) under RMI restrictions, it says "You must not require the installation of a security manager." So be sure to check your restrictions if you do decide to proceed with the security manager / policy file approach!
    TJ
     
    Pander Musubi
    Greenhorn
    Posts: 16
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    My assignment doesn't talk about it, it even states that is is allowed to used security manager policy file as command line argument. But of course it is important to tell why you choose for this or that. Thanks for your replies.
     
    • Post Reply
    • Bookmark Topic Watch Topic
    • New Topic