On 8-Sep-05, at 3:45 PM, Thomas Hallgren wrote:
> Tom Lane wrote:
>
>> Actually, I've just been discussing this with Red Hat's gcj people in
>> connection with a different project. What they say is that the Java
>> security manager is completely implemented now, but what is still
>> missing is that it's possible to bypass Java security if you can
>> execute
>> untrusted bytecode. So if I understand correctly, a gcj
>> environment is
>> secure as long as you can prevent hacked-up class files from getting
>> into your classpath.
>>
Pretty tough to do, since you can read classes in your classpath, and
modify the bytecode on the fly
There's even a library to do it for you.
> That's great news for PL/Java (and for Java in general of course).
> Did they mention a release date?
>
> Regards,
> Thomas Hallgren
>
>
> ---------------------------(end of
> broadcast)---------------------------
> TIP 4: Have you searched our list archives?
>
> http://archives.postgresql.org
>
>