[java] java.security.policy
hi!
Our project uses rmi for a simple game, and it needs policy file that looks currently:
grant {
// Allow everything for now
permission java.security.AllPermission;
};
We run server:
java -Djava.security.policy=./policy Server
How dangerous is that to allow everything? Is there any potential security problems in such a small game when using rmi? Should we panic now
What can be restricted with that file? How to write just policy file that just allows playing, nothing else?
Sun (java.sun.com) has many links to policy issues, start here:
http://java.sun.com/products/jdk/1.2/docs/guide/security/PolicyFiles.html
or here for an example:
http://java.sun.com/docs/books/tutorial/security1.2/userperm/policy.html.
Off the bat, if you don't want your clients doing "anything" on the server then you probably don't want to give all permissions.
Also if you are using an applet as the client then the server needs to reside on the same codebase as the applet (Or you could sign the client, which makes life a littler harder). But your probably knew that already.
[edited by - bslayerw on June 29, 2002 3:46:26 AM]
http://java.sun.com/products/jdk/1.2/docs/guide/security/PolicyFiles.html
or here for an example:
http://java.sun.com/docs/books/tutorial/security1.2/userperm/policy.html.
Off the bat, if you don't want your clients doing "anything" on the server then you probably don't want to give all permissions.
Also if you are using an applet as the client then the server needs to reside on the same codebase as the applet (Or you could sign the client, which makes life a littler harder). But your probably knew that already.
[edited by - bslayerw on June 29, 2002 3:46:26 AM]
I would lock down all security. Games really don''t need access to anything outside the game world. So I would set things up like a locked down applet.
If your game actually has some users, you will get hackers. And before you know it your game is being used to host a porn server. And cleaning up hacking means re-formatting the hard disk, and re-installing everything... cause they always leave back doors.
If your game actually has some users, you will get hackers. And before you know it your game is being used to host a porn server. And cleaning up hacking means re-formatting the hard disk, and re-installing everything... cause they always leave back doors.
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement