Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4943650

Negative permissions would be very helpful

    XMLWordPrintable

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: P3
    • Resolution: Won't Fix
    • Affects Version/s: 1.4.1
    • Fix Version/s: None
    • Component/s: security-libs
    • Labels:

      Description



      Name: rl43681 Date: 10/24/2003


      A DESCRIPTION OF THE REQUEST :
      I would like to be able to restrict access to some parts of my system while leaving others open. It is far, far easier for me to enumerate what's forbidden than what's allowed.

      JUSTIFICATION :
      In my case what I want to do is allow people access to any network address that isn't one of a restricted set, including ones in the internet, so it is not possible to enumerate what's allowed.

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      I am only suggesting a possible syntax to which I'm not wedded at all:

      grant {
          restriction SocketPermission "*.restricted.example.com", "*";
          permission SocketPermission "*.example.com", "*";
      }

      This would forbid access to anything in the "restricted" subdomain, but access to all other systems in the domain.
      ACTUAL -
      No equivalent behavior exists currently.

      (Incident Review ID: 217542)
      ======================================================================

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            rlewis Roger Lewis (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: