...
http://java.sun.com/j2se/1.3/docs/guide/security/PolicyFiles.html discusses writing policy files in good depth.
Risk Assessment
TODO
Running Java code without a security manager installed means that no permission checks are enforced, so there is no security at all.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
SEC30-J | ?? high ?? | probable | ?? low | P?? | L?? |
Automated Detection
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[Security 06] Default Policy Implementation and Policy File Syntax, http://java.sun.com/javase/6/docs/technotes/guides/security/PolicyFiles.html
[EJS 04] Enterprise Java Security: Building Secure J2EE Applications, 7.4 The Security Manager
[Gong 03] Inside Java 2 Platform Security, 6.1 Security Manager