This class provides a mechanism for specifying named permissions
related to the Java security framework. These permissions have no
associated actions list. They are either granted or not granted.
Permission Name | Permission Allows | Risks |
---|---|---|
createAccessControlContext | Allows creation of an AccessControlContext | The new control context can have a rogue DomainCombiner, leading to a privacy leak |
getDomainCombiner | Get a DomainCombiner from an AccessControlContext | Access to a DomainCombiner can lead to a privacy leak |
getPolicy | Allows retrieval of the system security policy | Malicious code can use information from the policy to better plan an attack |
setPolicy | Allows the security policy to be changed | Malicious code can give itself any permission it wants |
getProperty.*key* | Retrieve the property specified by the key | Malicious code can use information from the property to better plan an attack |
setProperty.*key* | Allows changing of the value of all properties implied by key | Malicious code can insert rogue classes to steal keys or recreate the security policy with whatever permissions it desires |
insertProvider.*key* | Allows the named provider to be added | Malicious code can insert rogue providers that steal data |
removeProvider.*key* | Allows the named provider to be removed | A missing provider can cripple code that relies on it |
setSystemScope | Allows the system identity scope to be set | Malicious code can add certificates not available in the original identity scope, to gain more permissions |
setIdentityPublicKey | Allows the public key of an Identity to be set | Malicious code can install its own key to gain permissions not allowed by the original identity scope |
setIdentityInfo | Allows the description of an Identity to be set | Malicious code can spoof users into trusting a fake identity |
addIdentityCertificate | Allows a certificate to be set for the public key of an identity | The public key can become trusted to a wider audience than originally intended |
removeIdentityCertificate | Allows removal of a certificate from an identity's public key | The public key can become less trusted than it should be |
printIdentity | View the name of the identity and scope, and whether they are trusted | The scope may include a filename, which provides an entry point for further security breaches |
clearProviderProperties.*key* | Allows the properties of the named provider to be cleared | This can disable parts of the program which depend on finding the provider |
putProviderProperty.*key* | Allows the properties of the named provider to be changed | Malicious code can replace the implementation of a provider |
removeProviderProperty.*key* | Allows the properties of the named provider to be deleted | This can disable parts of the program which depend on finding the provider |
getSignerPrivateKey | Allows the retrieval of the private key for a signer | Anyone that can access the private key can claim to be the Signer |
setSignerKeyPair | Allows the public and private key of a Signer to be changed | The replacement might be a weaker encryption, or the attacker can use knowledge of the replaced key to decrypt an entire communication session |

There is some degree of security risk in granting any of these
permissions. Some of them can completely compromise system security.
Please exercise extreme caution in granting these permissions.
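
One way to review grants before deploying a policy, shown as an added example that is not part of the original documentation: it scans policy-file text for `SecurityPermission` grants and uses `implies()` to report which high-risk targets from the table each grant covers, including grants widened by a wildcard. The class name `SecurityPermissionAudit`, the `.sample` target suffixes (stand-ins for the table's *key* placeholder), the choice of which targets count as high-risk, and the sample policy are all assumptions made for the example.

```java
import java.security.SecurityPermission;
import java.util.*;
import java.util.regex.*;

/** Added example: flags policy-file grants that cover high-risk SecurityPermission targets. */
public class SecurityPermissionAudit {
    // Targets from the table whose stated risk is policy, provider or key takeover.
    // The ".sample" suffixes are constructed stand-ins for the table's "key" placeholder.
    static final List<String> HIGH_RISK = List.of(
        "setPolicy", "setProperty.sample", "insertProvider.sample",
        "putProviderProperty.sample", "getSignerPrivateKey", "setSignerKeyPair");

    // Matches policy entries of the form: permission java.security.SecurityPermission "target";
    static final Pattern GRANT = Pattern.compile(
        "permission\\s+java\\.security\\.SecurityPermission\\s+\"([^\"]+)\"");

    /** Returns, for each granted target name, the high-risk targets that grant implies. */
    static Map<String, List<String>> audit(String policyText) {
        Map<String, List<String>> findings = new LinkedHashMap<>();
        Matcher m = GRANT.matcher(policyText);
        while (m.find()) {
            SecurityPermission granted = new SecurityPermission(m.group(1));
            List<String> hits = new ArrayList<>();
            for (String risky : HIGH_RISK) {
                // implies() applies BasicPermission name matching, so "*" and "x.*" widen a grant.
                if (granted.implies(new SecurityPermission(risky))) {
                    hits.add(risky);
                }
            }
            if (!hits.isEmpty()) {
                findings.put(m.group(1), hits);
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample policy, not taken from any real deployment.
        String policy = String.join("\n",
            "grant codeBase \"file:/opt/app/lib/-\" {",
            "  permission java.security.SecurityPermission \"getProperty.keystore.type\";",
            "  permission java.security.SecurityPermission \"insertProvider.*\";",
            "  permission java.security.SecurityPermission \"*\";",
            "};");
        audit(policy).forEach((target, hits) ->
            System.out.println("REVIEW grant \"" + target + "\" covers " + hits));
    }
}
```

The narrow `getProperty.keystore.type` grant produces no finding, while the `insertProvider.*` grant and the bare `*` grant are reported because they imply targets the table marks as able to replace providers, keys or the policy itself.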