Kris Jurka wrote:
> Without a fix to this I don't see any alternative to dropping the
> trusted version of pljava.
>

I think the easiest fix would be to prevent a trusted function from ever calling an untrusted
function. I don't think that would be too limiting and it should be easy enough to check. The
semantic would do something like this:

At the point when the SecurityManager is replaced, check if the invocation is nested. If it is,
check if the current SecurityManager is the one used by a trusted function. If so, throw an exception.

Regards,
Thomas Hallgren
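
A small model of the check proposed in the message above, added here as an illustration; it is not PL/Java code and not from the thread. The class, enum and method names are hypothetical, a stack of trust levels stands in for the real SecurityManager swap, and it assumes a replacement only happens when the callee needs a different manager than the caller.

```java
import java.util.ArrayDeque;
import java.util.Deque;

// Hypothetical model of the proposed nesting check (not PL/Java's implementation).
public class TrustNestingGuard {
    // Stand-ins for the manager used by trusted and by untrusted functions.
    enum Manager { TRUSTED, UNTRUSTED }

    // One entry per function invocation currently on the call stack.
    private final Deque<Manager> active = new ArrayDeque<>();

    // Called at the point where the manager would be replaced for a new invocation.
    void enter(String function, Manager wanted) {
        boolean nested = !active.isEmpty();
        // Nested call, current manager belongs to a trusted function,
        // and the callee would swap in the untrusted one: refuse.
        if (nested && active.peek() == Manager.TRUSTED && wanted == Manager.UNTRUSTED) {
            throw new SecurityException(
                "trusted function may not call untrusted function " + function);
        }
        active.push(wanted);
    }

    // Called when the invocation returns; the caller's manager is current again.
    void exit() {
        active.pop();
    }

    // Runs one outer call that makes one nested call and reports the outcome.
    static String attempt(Manager outer, Manager inner) {
        TrustNestingGuard guard = new TrustNestingGuard();
        guard.enter("outer", outer);      // top level, never nested
        try {
            guard.enter("inner", inner);  // nested invocation
            guard.exit();
            return "allowed";
        } catch (SecurityException e) {
            return "rejected";
        } finally {
            guard.exit();                 // unwind the outer invocation
        }
    }

    public static void main(String[] args) {
        // Only TRUSTED -> UNTRUSTED is rejected; the other three pairs pass.
        for (Manager outer : Manager.values())
            for (Manager inner : Manager.values())
                System.out.println(outer + " -> " + inner + ": " + attempt(outer, inner));
    }
}
```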