Do you use a SecurityManager?

A recent thread at TheServerSide.com discussed the use of a SecurityManager. Most people seem to be running without a SecurityManager, so I'd like to post an open question to the audience: do you use a SecurityManager, and if not, why? We'd like to know what we can do to make it easier/better.

Summing up the thread, people gave two main reasons for not using a SecurityManager:

  • Configuring permissions is difficult
  • Turning on security affects performance

Others do use a SecurityManager, for these reasons:

  • SecurityManagers (in EE) are often used just to enforce certain programming paradigms that are not necessarily security-specific (EJBs should not write to the file system, servlets should not spawn threads)
  • SecurityManagers are especially needed if you're running untrusted code
  • Even if you're only running trusted code, SecurityManagers can still be useful in preventing vulnerabilities caused by buggy software

I'll try to measure the performance impact of enabling a SecurityManager in Glassfish and post the results so we can start to look at improving the performance.


Comments:

IMHO, the security manager is one of the most neglected (marketing-wise) parts of the Java platform.

Just pick up any book on Java and it's very likely that it will not even mention that such a thing as Security Manager exists.

I never used it because I don't know how to fully take advantage of it, nor even why I should use it. I know that it is there, and I know basically what it does, but that's about it.

I see its importance in the applet world, where one can run an app (possibly hostile) just by going to a website, but in the SE and EE world it usually only gets in my way. Btw, in SJSAS the security manager is on by default (I'm not sure about Glassfish); you have to tweak permissions when you want to use Hibernate with it (that's also an example of how it gets in the way).

Posted by Igor on September 05, 2006 at 11:12 AM PDT #
