23 * questions.
24 */
25
26 package javax.xml.bind;
27
28 import java.security.BasicPermission;
29
30 /**
31 * This class is for JAXB permissions. A {@code JAXBPermission}
32 * contains a name (also referred to as a "target name") but
33 * no actions list; you either have the named permission
34 * or you don't.
35 *
36 * <P>
37 * The target name is the name of the JAXB permission (see below).
38 *
39 * <P>
40 * The following table lists all the possible {@code JAXBPermission} target names,
41 * and for each provides a description of what the permission allows
42 * and a discussion of the risks of granting code the permission.
43 * <P>
44 *
45 * <table border=1 cellpadding=5 summary="Permission target name, what the permission allows, and associated risks">
46 * <tr>
47 * <th>Permission Target Name</th>
48 * <th>What the Permission Allows</th>
49 * <th>Risks of Allowing this Permission</th>
50 * </tr>
51 *
52 * <tr>
53 * <td>setDatatypeConverter</td>
54 * <td>
55 * Allows the code to set VM-wide {@link DatatypeConverterInterface}
56 * via {@link DatatypeConverter#setDatatypeConverter(DatatypeConverterInterface) the setDatatypeConverter method}
57 * that all the methods on {@link DatatypeConverter} uses.
58 * </td>
59 * <td>
60 * Malicious code can set {@link DatatypeConverterInterface}, which has
61 * VM-wide singleton semantics, before a genuine JAXB implementation sets one.
62 * This allows malicious code to gain access to objects that it may otherwise
63 * not have access to, such as {@link java.awt.Frame#getFrames()} that belongs to
|
23 * questions.
24 */
25
26 package javax.xml.bind;
27
28 import java.security.BasicPermission;
29
30 /**
31 * This class is for JAXB permissions. A {@code JAXBPermission}
32 * contains a name (also referred to as a "target name") but
33 * no actions list; you either have the named permission
34 * or you don't.
35 *
36 * <P>
37 * The target name is the name of the JAXB permission (see below).
38 *
39 * <P>
40 * The following table lists all the possible {@code JAXBPermission} target names,
41 * and for each provides a description of what the permission allows
42 * and a discussion of the risks of granting code the permission.
43 *
44 * <table border=1 cellpadding=5 summary="Permission target name, what the permission allows, and associated risks">
45 * <tr>
46 * <th>Permission Target Name</th>
47 * <th>What the Permission Allows</th>
48 * <th>Risks of Allowing this Permission</th>
49 * </tr>
50 *
51 * <tr>
52 * <td>setDatatypeConverter</td>
53 * <td>
54 * Allows the code to set VM-wide {@link DatatypeConverterInterface}
55 * via {@link DatatypeConverter#setDatatypeConverter(DatatypeConverterInterface) the setDatatypeConverter method}
56 * that all the methods on {@link DatatypeConverter} uses.
57 * </td>
58 * <td>
59 * Malicious code can set {@link DatatypeConverterInterface}, which has
60 * VM-wide singleton semantics, before a genuine JAXB implementation sets one.
61 * This allows malicious code to gain access to objects that it may otherwise
62 * not have access to, such as {@link java.awt.Frame#getFrames()} that belongs to
|