Evaluation
There are two problems here - one should be an ref to the spec:
1.) Scope of properties listed in extensions is not clear in spec.
(The jnlp spec says component-extensions cannot have a j2se element,
this should also apply to installer-extensions.
The spec does not say anything about property settings in extensions,
the code allows it, but since we now restrict properties to start with
javaws or jnlp if not in trusted env, we get bug 2.) below) The spec
should clearly state that all properties are set in the same VM, so
will be available to code loaded from either the main jnlp file or any
extensions.
2.) When implementing the security fix requiring sandbox restrictions on
setting properties in jnlp files, it was assumed (incorrectly) that
all the properties could be set while loading the main jar file of the
application; in cases like this we are no longer in a security context
that would allow this.
I am going to split this into 2 bugs, where 1.) above will be a new spec
rfe or bug, and this bug will be confined to the 2.) above.
xxxxx@xxxxx 2002-08-21