topic Re: Code level security Control for Application Integration in Alfresco Archive

Code level security Control for Application Integration

arthur_li — Wed, 30 Nov 2005 19:07:33 GMT

I have been playing around Alfresco 1.0 about 3 weeks, it's pretty cool design! I am little bit concern about the code level security, and itÃ¢â‚¬â„¢s crucial for application integration. The code level security can only apply to the proxyed services, and there is no way to prevent third parties whi

Re: Code level security Control for Application Integration

davidc — Thu, 01 Dec 2005 11:51:48 GMT

I think it depends on how the application is deployed. The deployed environment should not allow arbitrary addition of code to the JVM. Also, any public API's (i.e. remote) should be backed by the secure beans.

With source code available for all of the stack, then you're right, someone can build a tool that goes in at any level.

Re: Code level security Control for Application Integration

hluu — Fri, 30 Dec 2005 00:06:39 GMT

I was just wondering what security framework is used in Alfresco? Is it Acegi Security framework? If so, can you please describe your experience in using Acegi Security framework.

Thanks in advance,

Hien