demba90 / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java
Other
0 stars 0 forks source link

Develop SecurityManager class #181

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
(From Kevin) Develop a new SecurityManager class that will work similar to the 
way that
   SELinux's audit2allow works. The security manager would produce a log file
   of security violations as per the current security policy, but otherwise
   allow continued access. This is useful to product an appropriately
   restricted security policy file. Without it, developers generally punt
   and put in AllPermissions for their code. If it were easier to produce
   a security policy file, then perhaps more folks would use a
   SecurityManager. (Note: it's hard to imagine that someone somewhere has
   not already done this. I just have not looked.)

Original issue reported on code.google.com by manico.james@gmail.com on 11 Nov 2010 at 3:14

GoogleCodeExporter commented 8 years ago

Original comment by manico.james@gmail.com on 11 Nov 2010 at 1:54

GoogleCodeExporter commented 8 years ago

Original comment by manico.james@gmail.com on 29 May 2012 at 3:22

GoogleCodeExporter commented 8 years ago
Jeremy Long pointed me to Mark Petrovic's ProfilingSecurityManager which does 
just this. It is not under any standard FOSS license, but its licensing terms 
appear to be compatible with most open source licensing principles.

Find details at: 
http://www.onjava.com/pub/a/onjava/2007/01/03/discovering-java-security-requirem
ents.html

Original comment by kevin.w.wall@gmail.com on 11 Jul 2013 at 10:17