RFR: 8315487: Security Providers Filter [v17]
Xuelei Fan
xuelei.f at gmail.com
Wed Dec 18 05:32:55 UTC 2024
On Tue, Dec 17, 2024 at 8:26 PM Xuelei Fan <xuelei.f at gmail.com> wrote:
>
>
> > I have to disable this feature, and don’t allow any security property
>> setting, which is not easy to me once an editable property is introduced.
>>
>> No need for this, the filter is disabled by default. If you are so
>> concerned that you would like to forbid any security property modification
>> to JDK deployment administrators, perhaps you should have already forbidden
>> it.
>>
>
> I did not forbid this new property yet. I could have other related
> uneditable/forbidden because Java supports so with public APIs. I need to
> update my application source code to forbid this one once it is released.
> I could live, I think. It is just a little trouble and I have to take
> care of the compatibility issues for the release.
>
>
I also need to consider if the security property has been used for an
application, how could it be onboarding to a market with strict security
policies, without compatibility impact. This is a more serious problem to
me. Any source code level update requirements could be painful.
Best,
Xuelei
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/core-libs-dev/attachments/20241217/08e2d87b/attachment-0001.htm>
More information about the core-libs-dev
mailing list