From: | Dave Cramer <pg(at)fastcrypt(dot)com> |
---|---|
To: | Thomas Hallgren <thhal(at)mailblocks(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Attention PL authors: want to be listed in template table? |
Date: | 2005-09-08 20:30:17 |
Message-ID: | FC1DD37F-CFD6-43BD-90F5-D3567725FA81@fastcrypt.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 8-Sep-05, at 3:45 PM, Thomas Hallgren wrote:
> Tom Lane wrote:
>
>> Actually, I've just been discussing this with Red Hat's gcj people in
>> connection with a different project. What they say is that the Java
>> security manager is completely implemented now, but what is still
>> missing is that it's possible to bypass Java security if you can
>> execute
>> untrusted bytecode. So if I understand correctly, a gcj
>> environment is
>> secure as long as you can prevent hacked-up class files from getting
>> into your classpath.
>>
Pretty tough to do, since you can read classes in your classpath, and
modify the bytecode on the fly
There's even a library to do it for you.
> That's great news for PL/Java (and for Java in general of course).
> Did they mention a release date?
>
> Regards,
> Thomas Hallgren
>
>
> ---------------------------(end of
> broadcast)---------------------------
> TIP 4: Have you searched our list archives?
>
> http://archives.postgresql.org
>
>
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2005-09-08 20:31:02 | Re: Attention PL authors: want to be listed in template table? |
Previous Message | Andrew - Supernews | 2005-09-08 20:29:38 | Re: initdb profiles |