Subject Re: [Firebird-Architect] External engines - security
Author Adriano dos Santos Fernandes
Roman Rokytskyy wrote:
>> Then we put Jaybird in classpath/sys and users classes should be put in
>> classpath/user.
> You can do this, but you don't get the desired result.
> If you give socket permission on classes from FB/java/classpath/sys, but
> not to classes from FB/java/classpath/user, you will get
> SecurityException unless the class from FB/java/classpath/sys uses
> doPriviledged(...) call. Read the Javadocs for AccessController class -
> that's the one responsible for permission checks.
Ok, will read it, but let's try another thing first.

AFAIU, SecurityManager and ClassLoader could work one with other.

Our ClassLoader knows from where it loaded the classes.

So can't we write a SecurityManager that works with our ClassLoader,
giving different permissions from classes loaded by sys or user directories?


PS: I readed the documents when you uploaded, and I'm reading again.