by tonyg 2756 days ago
The SecurityManager is an example of ambient authority, exactly the kind of design that the article is criticizing.

There's at most one SecurityManager per application, meaning you can't in general use it for fine-grained confinement. It's only "granular" in the sense that requested permissions can be arbitrarily finely subdivided. There's no notion of intra-application invocation contexts, making it vulnerable to "confused deputy" problems, including things like the event-stream incident.
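To make the point concrete, here is an added illustration (not code from the thread or from the JDK): a per-JVM policy modelled on SecurityManager.checkRead sees only a path and the code on the stack, so a shared deputy serving two tenants can be handed one tenant's path while acting for the other, whereas a per-tenant capability object carries the authority with the request. AmbientVsCapability, DirCapability and the tenant directory layout are constructed names; because SecurityManager is deprecated for removal since Java 17, the check is modelled as a plain method rather than installed.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class AmbientVsCapability {
    // Models what a JVM-wide SecurityManager sees in checkRead(String): a file
    // name and the code on the stack, nothing about which tenant is being served.
    static void ambientCheckRead(Path appRoot, Path target) {
        if (!target.toAbsolutePath().normalize().startsWith(appRoot)) {
            throw new SecurityException("outside application root: " + target);
        }
    }
    // Shared deputy: reads anything the whole application may read, for
    // whichever tenant asked. The authority is ambient, not tied to the request.
    static String ambientRead(Path appRoot, String requestedPath) throws IOException {
        Path target = Path.of(requestedPath);
        ambientCheckRead(appRoot, target);
        return Files.readString(target);
    }
    // Capability style: each tenant holds an object that can reach only its
    // own directory, so the authority travels with the request.
    static final class DirCapability {
        private final Path root;
        DirCapability(Path root) { this.root = root.toAbsolutePath().normalize(); }
        String read(String relative) throws IOException {
            Path target = root.resolve(relative).normalize();
            if (!target.startsWith(root)) {
                throw new SecurityException("escapes tenant root: " + relative);
            }
            return Files.readString(target);
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: one application root holding two tenant directories.
        Path appRoot = Files.createTempDirectory("app").toAbsolutePath().normalize();
        Path tenantA = Files.createDirectory(appRoot.resolve("tenantA"));
        Path tenantB = Files.createDirectory(appRoot.resolve("tenantB"));
        Files.writeString(tenantA.resolve("secret.txt"), "tenant A data");
        // While serving tenant B, the deputy is handed tenant A's path. The ambient
        // check passes because the application as a whole may read under appRoot.
        System.out.println("ambient: " + ambientRead(appRoot, tenantA.resolve("secret.txt").toString()));
        // The same request routed through tenant B's capability is refused.
        try {
            new DirCapability(tenantB).read("../tenantA/secret.txt");
        } catch (SecurityException e) {
            System.out.println("capability: " + e.getMessage());
        }
    }
}
```

The first call succeeds and the second throws, which is the difference between a single application-wide monitor and authority scoped to the requesting context.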


This is the clearest simple summary I have seen of this limitation of SecurityManager (and other such security monitors). Thanks!