RFR 9: 8155760 Implement Serialization Filtering
Roger Riggs
Roger.Riggs at Oracle.com
Mon Oct 3 14:01:18 UTC 2016
Hi Chris,
Thanks for taking another look.
On 10/3/2016 4:53 AM, Chris Hegarty wrote:
> Roger,
>
> On 14/09/16 10:46, Chris Hegarty wrote:
>
> One more additional comment:
>
> 4) Since filtering is not controlled by the Security Manager,
> does it make sense for its configuration to live in the
> java.security file?
The primary function of serialization filtering is security related and
it leverages the existing
configuration mechanism for security functions. Though slightly
off-topic, it did not seem
worthwhile to create a separate configuration mechanism. I discussed the
location and properties
with the security team and they have reviewed the changes.
Thanks, Roger
>
> -Chris.
>
>> -Chris.
>>
>>
/Webrev:
http://cr.openjdk.java.net/~rriggs/webrev-serial-filter-jdk9-8155760/
<http://cr.openjdk.java.net/%7Erriggs/webrev-serial-filter-jdk9-8155760/>/
>>> SpecDiff:
>>> http://cr.openjdk.java.net/~rriggs/filter-diffs/overview-summary.html
>>>
>>> Javadoc (subset)
>>> http://cr.openjdk.java.net/~rriggs/filter-javadoc/java/io/ObjectInputStream.html
>>>
>>>
>>>
>>> http://cr.openjdk.java.net/~rriggs/filter-javadoc/java/io/ObjectInputFilter.html
>>>
>>>
>>>
>>> http://cr.openjdk.java.net/~rriggs/filter-javadoc/java/io/SerializablePermission.html
>>>
>>>
>>>
>>>
>>> Thanks, Roger
>>>
>>>
>>>
More information about the core-libs-dev
mailing list