Hi, Craig:
2013/6/4 Craig Perez <craig.perez_at_oracle.com>
>
> -------- Original Message --------
> Subject: Re: request asarch review for deploy command enhancement in
> GlassFish
> From: Bill Shannon <bill.shannon_at_oracle.com> <bill.shannon_at_oracle.com>
> To: Craig Perez <craig.perez_at_oracle.com> <craig.perez_at_oracle.com>
> CC: ÂÀËÎƽ <lvsongping_at_gmail.com> <lvsongping_at_gmail.com>,
> dev_at_glassfish.java.net, hong.hz.zhang_at_oracle.com
> Date: Friday, May 31, 2013 7:23:26 PM
>
> Craig Perez wrote on 05/29/13 17:17:
>
> I think I may have missed something as well? If the GlassFish server
> downloads the application on behalf of the "client" then I'm suggesting a
> separate "sandbox" area for this download purpose. Browsers have download
> folders where things go by default and those are typically separated for
> each user.
>
> How would this be different than the folder it uses for applications
> uploaded from the client?
>
> Having different permissions, quotas, etc. are not so much about access
> from GlassFish server itself but potentially from other processes/uids in
> the system such that the downloaded content would not be used outside of
> the intended purpose. My suggestion is based on providing potential for
> more flexibly in cases where administrators maybe concerned about resource
> handling and the existing folder may already be sufficient.
>
> Again, I don't understand why this should be treated differently then
> uploaded applications, or what advantage there would be for treating it
> differently.
>
> Hi Bill, I think your supposition that such a directory does not need to
> be treated differently than current uploaded applications directory is fine
> as Hong provided some additional context.
>
> Since the current folder is domain specific then controls can be placed
> into that deployment area and the only real reason for separate
> upload/download folder(s) that I can think of would basically be to provide
> some added granularity and/or potentially to deal with Java Security
> Manager file permission handling should that be of actual importance in a
> specific production deployment.
>
> [Jeremy] I can't think out any reasonable reason to provide some added
> granularity and/or potentially to deal with Java Security Manager file
> permission handling about the process we prepare to download the remote
> application as URI syntax to the local directory. I think the most
> important here is to make sure the application downloaded as URI is
> undamaged. If anyone have some different options about this, please raise
> your option here.
>
Thanks, Jeremy
>
>
> Thanks, -Craig
>