In the Harbor Repository, the place where all your
applications and libraries live, there are some special folders.
This idea of special folders is core to understanding how Harbor
security actually works.
The first thing you need to understand is that the
class loader in the Harbor repository is very special: it
allows one to put application components anywhere. So, for example,
if you placed the application Jar under
/SomeFolder/JustBecause/ItFeelsGood/<the Jar>
and
/MyApplications/Libraries/BecauseItFeelsRightHere/
that application will still work in Harbor.
The reason we did it like this is because it
allows us to use some special folders to instruct the system.
In Harbor there are some pre-defined special
folders.
- EVER_LASTING is not security related.
  It allows us to cache libraries on remote clients; this is
  for web efficiency. See the FAQ for more info on this folder.
- INDIRECT_ACCESS is security related.
  It stops a remote client from being able to start a class on
  the server.
- MUST_BE_SEC:
  Any Jars under this folder must be accessed securely; if
  SSL80 is not via a secure connection, client calls are
  rejected.
INDIRECT_ACCESS:
When you design an application, typically the
ship starts the desired server class on the server, and this
class then uses the libraries. However, you generally do not want
the remote client to be able to start libraries on the server.
For example, you may have a library that allows one to delete
folders, and you don't want some remote program to be able to start
that class directly and supply it with C: as the parameter.
Remember that here we are talking about a class actually running on
the server.
A programmer can protect classes and design access carefully
using the right modifiers, but when it comes to third-party
libraries it's easier to just assume they have it wrong and use
INDIRECT_ACCESS.
Note that it does not stop a remote program from
getting at the class; it just makes it run indirectly, from the
class that was intended to be loaded. If a remote program GETs
it and then runs it, it will run, but it will destroy the remote
machine, not the server. It's good practice to put
libraries under an INDIRECT_ACCESS folder.
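
The INDIRECT_ACCESS and MUST_BE_SEC rules above, modelled as a small path check. This is an added example, not Harbor's own code: the class, enum and method names and the sample Jar paths are hypothetical, and it assumes a special folder applies to every Jar anywhere beneath it and is matched as a whole, case-sensitive folder name.

```java
import java.util.Arrays;
import java.util.List;

// Added illustration: a model of the special-folder rules described above.
// Not Harbor code; every name in this file is hypothetical.
public class SpecialFolderPolicy {

    enum Request { START_ON_SERVER, GET_JAR, LOAD_BY_SERVER_CLASS }

    // True if one of the folders above the Jar is exactly the special name.
    // Whole-segment matching (an assumption) keeps "/NOT_INDIRECT_ACCESS/x.jar"
    // or a Jar called "INDIRECT_ACCESS.jar" from being treated as protected.
    static boolean under(String jarPath, String special) {
        List<String> parts = Arrays.asList(jarPath.replace('\\', '/').split("/+"));
        int folderCount = Math.max(0, parts.size() - 1); // last segment is the Jar
        return parts.subList(0, folderCount).contains(special);
    }

    // remote: the request comes from a remote client rather than a server class.
    // secure: the client reached the repository over a secure connection.
    static boolean allowed(String jarPath, Request req, boolean remote, boolean secure) {
        if (remote && under(jarPath, "MUST_BE_SEC") && !secure) {
            return false; // MUST_BE_SEC: insecure client calls are rejected
        }
        if (remote && req == Request.START_ON_SERVER
                && under(jarPath, "INDIRECT_ACCESS")) {
            return false; // INDIRECT_ACCESS: no direct start on the server
        }
        // A client GET, or use by the server class that was intended to be
        // loaded, is not blocked by INDIRECT_ACCESS.
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample paths.
        String lib = "/MyApplications/INDIRECT_ACCESS/Libraries/fileutils.jar";
        String app = "/MyApplications/MUST_BE_SEC/app-server.jar";
        // Remote client tries to start a library class on the server.
        System.out.println(allowed(lib, Request.START_ON_SERVER, true, true));
        // Remote client downloads the same library.
        System.out.println(allowed(lib, Request.GET_JAR, true, true));
        // The intended server class uses the library.
        System.out.println(allowed(lib, Request.LOAD_BY_SERVER_CLASS, false, false));
        // Client call to a MUST_BE_SEC Jar, first insecure, then secure.
        System.out.println(allowed(app, Request.START_ON_SERVER, true, false));
        System.out.println(allowed(app, Request.START_ON_SERVER, true, true));
    }
}
```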
==============