Secure Coding mailing list archives

By default, the Verifier is disabled on .Net and Java

From: stephen at corsaire.com (Stephen de Vries)
Date: Thu, 11 May 2006 11:54:10 +0700

Michael Silk wrote:

On 5/9/06, Dinis Cruz <dinis at ddplus.net> wrote:


<snip>

Is there a example out there where (by default) java code is executed in
an environment with :

    * the security manager enabled (with a strong security policy) and
    * the verifier disabled


Yes. Your local JRE.


...but only in the exceptional case where a local Java application was
started with a security manager activated, but without the -verify flag
enabled.
Most local Java applications are started without the verifier enabled
and without a security manager.

For untrusted applets and webstart apps, both the verifier and a
security manager are enabled.



-- 
Stephen de Vries
Corsaire Ltd
E-mail: stephen at corsaire.com
Tel:    +44 1483 226014
Fax:    +44 1483 226068
Web:    http://www.corsaire.com

Current thread:

By default, the Verifier is disabled on .Net and Java, (continued)
- - - By default, the Verifier is disabled on .Net and Java Jeff Williams (May 04)
    - Message not available
    - Message not available
    - Message not available
    - By default, the Verifier is disabled on .Net and Java Stephen de Vries (May 12)
    - By default, the Verifier is disabled on .Net and Java Michael Silk (May 13)
  - By default, the Verifier is disabled on .Net and Java Dinis Cruz (May 08)
    - By default, the Verifier is disabled on .Net and Java Michael Silk (May 08)
    - By default, the Verifier is disabled on .Net and Java Dinis Cruz (May 12)
    - By default, the Verifier is disabled on .Net and Java Michael Silk (May 12)
- By default, the Verifier is disabled on .Net and Java Stephen de Vries (May 03)
  - By default, the Verifier is disabled on .Net and Java Dinis Cruz (May 08)
    - By default, the Verifier is disabled on .Net and Java Michael Silk (May 08)
    - By default, the Verifier is disabled on .Net and Java Stephen de Vries (May 10)
    - By default, the Verifier is disabled on .Net and Java Dinis Cruz (May 12)
    - By default, the Verifier is disabled on .Net and Java Stephen de Vries (May 13)
- By default, the Verifier is disabled on .Net and Java Wall, Kevin (May 02)
  - By default, the Verifier is disabled on .Net and Java David Eisner (May 03)
    - By default, the Verifier is disabled on .Net and Java Dinis Cruz (May 03)
    - By default, the Verifier is disabled on .Net and Java Tim Hollebeek (May 04)
    - By default, the Verifier is disabled on .Net and Java Dinis Cruz (May 12)
- By default, the Verifier is disabled on .Net and Java Wall, Kevin (May 03)
  - By default, the Verifier is disabled on .Net and Java Michael Silk (May 03)
  - By default, the Verifier is disabled on .Net and Java Dinis Cruz (May 03)

(Thread continues...)