-------- Original Message --------
Subject: Re: request asarch review for deploy command enhancement in
GlassFish
From: Bill Shannon <bill.shannon_at_oracle.com>
To: Craig Perez <craig.perez_at_oracle.com>
CC: 吕宋平 <lvsongping_at_gmail.com>, dev_at_glassfish.java.net,
hong.hz.zhang_at_oracle.com
Date: Friday, May 31, 2013 7:23:26 PM
> Craig Perez wrote on 05/29/13 17:17:
>> I think I may have missed something as well? If the GlassFish server
>> downloads the application on behalf of the "client" then I'm
>> suggesting a separate "sandbox" area for this download purpose.
>> Browsers have download folders where things go by default and those
>> are typically separated for each user.
> How would this be different than the folder it uses for applications
> uploaded from the client?
>
>> Having different permissions, quotas, etc. are not so much about
>> access from GlassFish server itself but potentially from other
>> processes/uids in the system such that the downloaded content would
>> not be used outside of the intended purpose. My suggestion is based
>> on providing potential for more flexibly in cases where
>> administrators maybe concerned about resource handling and the
>> existing folder may already be sufficient.
> Again, I don't understand why this should be treated differently then
> uploaded applications, or what advantage there would be for treating
> it differently.
>
Hi Bill, I think your supposition that such a directory does not need to
be treated differently than current uploaded applications directory is
fine as Hong provided some additional context.
Since the current folder is domain specific then controls can be placed
into that deployment area and the only real reason for separate
upload/download folder(s) that I can think of would basically be to
provide some added granularity and/or potentially to deal with Java
Security Manager file permission handling should that be of actual
importance in a specific production deployment.
Thanks, -Craig