31 * This class is for various network permissions. 32 * An SSLPermission contains a name (also referred to as a "target name") but 33 * no actions list; you either have the named permission 34 * or you don't. 35 * <P> 36 * The target name is the name of the network permission (see below). The naming 37 * convention follows the hierarchical property naming convention. 38 * Also, an asterisk 39 * may appear at the end of the name, following a ".", or by itself, to 40 * signify a wildcard match. For example: "foo.*" and "*" signify a wildcard 41 * match, while "*foo" and "a*b" do not. 42 * <P> 43 * The following table lists all the possible SSLPermission target names, 44 * and for each provides a description of what the permission allows 45 * and a discussion of the risks of granting code the permission. 46 * 47 * <table class="striped"> 48 * <caption style="display:none">permission name, what it allows, and associated risks</caption> 49 * <thead> 50 * <tr> 51 * <th>Permission Target Name</th> 52 * <th>What the Permission Allows</th> 53 * <th>Risks of Allowing this Permission</th> 54 * </tr> 55 * </thead> 56 * 57 * <tbody> 58 * <tr> 59 * <td>setHostnameVerifier</td> 60 * <td>The ability to set a callback which can decide whether to 61 * allow a mismatch between the host being connected to by 62 * an HttpsURLConnection and the common name field in 63 * server certificate. 64 * </td> 65 * <td>Malicious 66 * code can set a verifier that monitors host names visited by 67 * HttpsURLConnection requests or that allows server certificates 68 * with invalid common names. 69 * </td> 70 * </tr> 71 * 72 * <tr> 73 * <td>getSSLSessionContext</td> 74 * <td>The ability to get the SSLSessionContext of an SSLSession. 75 * </td> 76 * <td>Malicious code may monitor sessions which have been established 77 * with SSL peers or might invalidate sessions to slow down performance. 78 * </td> 79 * </tr> 80 * 81 * <tr> 82 * <td>setDefaultSSLContext</td> 83 * <td>The ability to set the default SSL context 84 * </td> 85 * <td>Malicious code can set a context that monitors the opening of 86 * connections or the plaintext data that is transmitted. 87 * </td> 88 * </tr> 89 * 90 * </tbody> 91 * </table> 92 * 93 * @see java.security.BasicPermission 94 * @see java.security.Permission 95 * @see java.security.Permissions 96 * @see java.security.PermissionCollection 97 * @see java.lang.SecurityManager 98 * 99 * @since 1.4 100 * @author Marianne Mueller 101 * @author Roland Schemers 102 */ | 31 * This class is for various network permissions. 32 * An SSLPermission contains a name (also referred to as a "target name") but 33 * no actions list; you either have the named permission 34 * or you don't. 35 * <P> 36 * The target name is the name of the network permission (see below). The naming 37 * convention follows the hierarchical property naming convention. 38 * Also, an asterisk 39 * may appear at the end of the name, following a ".", or by itself, to 40 * signify a wildcard match. For example: "foo.*" and "*" signify a wildcard 41 * match, while "*foo" and "a*b" do not. 42 * <P> 43 * The following table lists all the possible SSLPermission target names, 44 * and for each provides a description of what the permission allows 45 * and a discussion of the risks of granting code the permission. 46 * 47 * <table class="striped"> 48 * <caption style="display:none">permission name, what it allows, and associated risks</caption> 49 * <thead> 50 * <tr> 51 * <th scope="col">Permission Target Name</th> 52 * <th scope="col">What the Permission Allows</th> 53 * <th scope="col">Risks of Allowing this Permission</th> 54 * </tr> 55 * </thead> 56 * 57 * <tbody> 58 * <tr> 59 * <th scope="row">setHostnameVerifier</th> 60 * <td>The ability to set a callback which can decide whether to 61 * allow a mismatch between the host being connected to by 62 * an HttpsURLConnection and the common name field in 63 * server certificate. 64 * </td> 65 * <td>Malicious 66 * code can set a verifier that monitors host names visited by 67 * HttpsURLConnection requests or that allows server certificates 68 * with invalid common names. 69 * </td> 70 * </tr> 71 * 72 * <tr> 73 * <th scope="row">getSSLSessionContext</th> 74 * <td>The ability to get the SSLSessionContext of an SSLSession. 75 * </td> 76 * <td>Malicious code may monitor sessions which have been established 77 * with SSL peers or might invalidate sessions to slow down performance. 78 * </td> 79 * </tr> 80 * 81 * <tr> 82 * <th scope="row">setDefaultSSLContext</th> 83 * <td>The ability to set the default SSL context 84 * </td> 85 * <td>Malicious code can set a context that monitors the opening of 86 * connections or the plaintext data that is transmitted. 87 * </td> 88 * </tr> 89 * 90 * </tbody> 91 * </table> 92 * 93 * @see java.security.BasicPermission 94 * @see java.security.Permission 95 * @see java.security.Permissions 96 * @see java.security.PermissionCollection 97 * @see java.lang.SecurityManager 98 * 99 * @since 1.4 100 * @author Marianne Mueller 101 * @author Roland Schemers 102 */ |