-
Type:
Enhancement
-
Resolution: Fixed
-
Priority:
P4
-
Affects Version/s: 1.0
-
Component/s: security-libs
-
merlin
-
generic
-
solaris_7
-
Verified
currently, we have a permission check to prevent anyone
from instantiating a LoginContext. the check is for:
AuthPermission("createLoginContext")
this is necessary to prevent someone from randomly
attempting logins until they succeed. one negative
is that the permission is extremely powerful.
once you trust an application to instantiate a LoginContext
you can't prevent the application from randomly accessing different
configuration entries in the login configuration.
it would be useful if we could restrict
which applications can instantiate a LoginContext,
as well as what login configuration entries an application can access.
from instantiating a LoginContext. the check is for:
AuthPermission("createLoginContext")
this is necessary to prevent someone from randomly
attempting logins until they succeed. one negative
is that the permission is extremely powerful.
once you trust an application to instantiate a LoginContext
you can't prevent the application from randomly accessing different
configuration entries in the login configuration.
it would be useful if we could restrict
which applications can instantiate a LoginContext,
as well as what login configuration entries an application can access.
- relates to
-
-
- Closed
-