Class loaders, etc
Archie Cobbs
kaffe@rufus.w3.org
Sat, 22 Aug 1998 15:41:27 -0700 (PDT)
I'm curious how close the kaffe class loader is to the latest definition
of what a class loader should be, described in:
http://java.sun.com/people/gbracha/classloaders.ps
In particular, does kaffe support the new 1.2 security checking model?
Eg.:
- Does kaffe differentiate between (and support simultaneous instances
of) two classes loaded via different class loader instances?
- Does kaffe maintain a set of constraints to prevent the security
exploit described in the paper?
>From the looks of it, the answer is not yet.
Also, what's the state of byte-code verification in kaffe.. and is
anyone actively working on this?
More generally, this is not to complain about what's not done yet,
but rather to gather an explicit list of what work remains in the
domains of class loading, class verification, class loading security
issues, and determine what plans there are (if any) for addressing
these issues, etc.
These issues are important not only for web browsers, but also for
web servers that run Servelets, etc. Different servelets can load
different classes with the same name, etc.
Thanks,
-Archie
___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com