This evening I faced "problems" with Domino and it's Java security policy (again). They were "tightened up" in 8.5.2 to prevent malicious code to be executed within the JVM - so far so good. But: if I imagine to execute Lotusscript code in an agent that an admin signed to be run on the server I may be able to do also harmful things on the platform - even file access. The Java policy prevents me (and you of course) from using cool add ons and libraries found on the Internet to extend our applications, especially using XPages. My latest example is the Jackson library for JSON handling and transfering into HashMaps and vice versa - a very neat thing. But without setting my policy to grant all permissions that won't work due to security exceptions.
So what I like to know is what you think about the strict policy settings and concerns about it when setting them to open up to other third party applications and extensions. Thank you for commenting on that
I think you should just grant AllPermission all the time.
Author: Oliver Busse
http://about.me/oliverbusse
This software is licensed under the Apache License 2.0
Code snippets or any other console output - if not otherwise proclaimed - licensed under WTFPL – Do What the Fuck You Want to Public License
Made with love and IBM XPages, using Twitter Bootstrap 3
This website uses the XPages Extension Library, Bootstrap4XPages Plugin and the OpenNTF Domino API