On Fri, 11 May 2001, Craig R. McClanahan wrote:
> > The introspection problem is not very serious - it doesn't work if
> > sandboxing is enabled ( at least from what I know - if it works then it's
> > a very serious VM bug ).
> >
>
> It doesn't work if you start Tomcat 4.0 with a security manager. That's
> what I'm cleaning up, because it's the right long term direction. But
> we're also going to add facades for those who want to run without a
> security manager installed.
If the security manager is not used everything has AllPermissions - the
fact that someone can access the internal objects is quite small compared
with the fact that it could call System.exit() and read/change any file
that tomcat has access to.
Anyway: +1 on facades :-)
Costin
