This class provides a mechanism for specifying named permissions
related to the Java security framework. These permissions have no
associated actions list. They are either granted or not granted.

| Permission Name | Permission Allows | Risks |
|---|---|---|
| createAccessControlContext | Allows creation of an AccessControlContext | The new control context can have a rogue DomainCombiner, leading to a privacy leak |
| getDomainCombiner | Get a DomainCombiner from an AccessControlContext | Access to a DomainCombiner can lead to a privacy leak |
| getPolicy | Allows retrieval of the system security policy | Malicious code can use information from the policy to better plan an attack |
| setPolicy | Allows the security policy to be changed | Malicious code can give itself any permission it wants |
| getProperty.*key* | Retrieve the property specified by the key | Malicious code can use information from the property to better plan an attack |
| setProperty.*key* | Allows changing of the value of all properties implied by key | Malicious code can insert rogue classes to steal keys or recreate the security policy with whatever permissions it desires |
| insertProvider.*key* | Allows the named provider to be added | Malicious code can insert rogue providers that steal data |
| removeProvider.*key* | Allows the named provider to be removed | A missing provider can cripple code that relies on it |
| setSystemScope | Allows the system identity scope to be set | Malicious code can add certificates not available in the original identity scope, to gain more permissions |
| setIdentityPublicKey | Allows the public key of an Identity to be set | Malicious code can install its own key to gain permissions not allowed by the original identity scope |
| setIdentityInfo | Allows the description of an Identity to be set | Malicious code can spoof users into trusting a fake identity |
| addIdentityCertificate | Allows a certificate to be set for the public key of an identity | The public key can become trusted to a wider audience than originally intended |
| removeIdentityCertificate | Allows removal of a certificate from an identity's public key | The public key can become less trusted than it should be |
| printIdentity | View the name of the identity and scope, and whether they are trusted | The scope may include a filename, which provides an entry point for further security breaches |
| clearProviderProperties.*key* | Allows the properties of the named provider to be cleared | This can disable parts of the program which depend on finding the provider |
| putProviderProperty.*key* | Allows the properties of the named provider to be changed | Malicious code can replace the implementation of a provider |
| removeProviderProperty.*key* | Allows the properties of the named provider to be deleted | This can disable parts of the program which depend on finding the provider |
| getSignerPrivateKey | Allows the retrieval of the private key for a signer | Anyone who can access the private key can claim to be the Signer |
| setSignerKeyPair | Allows the public and private key of a Signer to be changed | The replacement might use weaker encryption, or the attacker can use knowledge of the replaced key to decrypt an entire communication session |

There is some degree of security risk in granting any of these
permissions. Some of them can completely compromise system security.
Please exercise extreme caution in granting these permissions.
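
When reviewing a policy, note that `SecurityPermission` inherits the wildcard matching of `BasicPermission`, so a grant named `*` or `insertProvider.*` implies every matching entry in the table above. The following audit helper is an added example, not part of the original documentation; the class name, the choice of "high-risk" targets, and the sample keys `SUN` and `policy.url.1` are assumptions made for illustration.

```java
import java.security.SecurityPermission;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

public class SecurityPermissionAudit {
    // Targets from the table above whose risk column describes key theft,
    // provider replacement or policy takeover. The suffixes "SUN" and
    // "policy.url.1" are sample keys chosen for this example.
    static final List<String> HIGH_RISK = List.of(
        "setPolicy", "setProperty.policy.url.1", "insertProvider.SUN",
        "putProviderProperty.SUN", "getSignerPrivateKey", "setSignerKeyPair");

    // For each granted permission name, list the high-risk targets it implies.
    // implies() applies BasicPermission wildcard rules ("*" and "prefix.*").
    static Map<String, List<String>> audit(List<String> grantedNames) {
        Map<String, List<String>> findings = new LinkedHashMap<>();
        for (String name : grantedNames) {
            SecurityPermission granted = new SecurityPermission(name);
            List<String> implied = HIGH_RISK.stream()
                .filter(risk -> granted.implies(new SecurityPermission(risk)))
                .collect(Collectors.toList());
            if (!implied.isEmpty()) {
                findings.put(name, implied);
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample grants, as they might appear in a policy file.
        List<String> grants = List.of(
            "getPolicy", "insertProvider.*", "setProperty.*", "*");
        audit(grants).forEach((grant, hits) ->
            System.out.println(grant + " implies " + hits));
    }
}
```

Grants that appear in the output are the ones to narrow to an exact name or remove.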