Archived

This topic is now archived and is closed to further replies.

[java] java.security.policy

This topic is 5643 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

hi! Our project uses rmi for a simple game, and it needs policy file that looks currently: grant { // Allow everything for now permission java.security.AllPermission; }; We run server: java -Djava.security.policy=./policy Server How dangerous is that to allow everything? Is there any potential security problems in such a small game when using rmi? Should we panic now What can be restricted with that file? How to write just policy file that just allows playing, nothing else?

Share this post


Link to post
Share on other sites
Sun (java.sun.com) has many links to policy issues, start here:

http://java.sun.com/products/jdk/1.2/docs/guide/security/PolicyFiles.html

or here for an example:

http://java.sun.com/docs/books/tutorial/security1.2/userperm/policy.html.

Off the bat, if you don't want your clients doing "anything" on the server then you probably don't want to give all permissions.

Also if you are using an applet as the client then the server needs to reside on the same codebase as the applet (Or you could sign the client, which makes life a littler harder). But your probably knew that already.

[edited by - bslayerw on June 29, 2002 3:46:26 AM]

Share this post


Link to post
Share on other sites
I would lock down all security. Games really don''t need access to anything outside the game world. So I would set things up like a locked down applet.

If your game actually has some users, you will get hackers. And before you know it your game is being used to host a porn server. And cleaning up hacking means re-formatting the hard disk, and re-installing everything... cause they always leave back doors.

Share this post


Link to post
Share on other sites