• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Dynamic connection mode changing

 
Andras Nemeth
Ranch Hand
Posts: 80
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,
I did my assignment so that the user can change the connection
mode anytime. It works fine except one case:
The user selected network mode (and failed) :
And later wants to change to local mode. The connection failed,
because of security problem with
access denied (java.io.FilePermission .\suncertify\db\db.db write)
The problem is that at RMI connection I set the RMISecurityManager and when I want to make a new local connection it is exists.
I tried to use
System.getSecurityManager when I start the client to save the original SecurityManager and set it back when local connect is called. But, at this time I do not have rights to set the SecurityManager... (Should this kind of right to the policy file which is used by RMISecurityManager?)
Any good idea?
Br,
Ban
 
Peter den Haan
author
Ranch Hand
Posts: 3252
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Andras, you're going over the top. Why not simply let the user choose the mode once, when the application is started.
- Peter
 
Andras Nemeth
Ranch Hand
Posts: 80
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Peter,
Originally posted by Peter den Haan:
Andras, you're going over the top. Why not simply let the user choose the mode once, when the application is started.
- Peter

As always you are right! But, because of the design of my GUI and (thanx to your driving) connection factory let it doing easy. I just didn't think I will run into this kind of problem. Anyhow, I solved it with putting allow setSecurityManager sec. in my client policy file.
BTW, I read about security in Core Java and they do not suggest using security manager at server side, at all. What is your exprience with it.
Thanks a lot. I really appreciate your help.
Cheer up,
Ban
 
Peter den Haan
author
Ranch Hand
Posts: 3252
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Regarding security in a production environment, I think "totally paranoid" is the right frame of mind (the folks at Redmond would disagree with me). I'd want to hammer security tightly on the server side as well as the client side if I had my way. Should the server have a security problem and be compromised, the Java security settings are another line of defense before an attacker can read secret documents or read operating system files.
For the assignment, it's another matter. Yes, I did provide both client-side and server-side security policies, but they weren't terribly restrictive or sophisticated. My best guess is that you're alright taking the easy way out and enabling the setting of a security policy, even though that seriously weakens the entire security set-up.
- Peter
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic