RFR: 8338536: Permanently disable remote code downloading in JNDI [v3]
Aleksei Efimov
aefimov at openjdk.org
Wed Nov 20 14:16:27 UTC 2024
On Wed, 20 Nov 2024 11:33:19 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:
>> src/java.naming/share/classes/com/sun/jndi/ldap/Connection.java line 262:
>>
>>> 260: }
>>> 261:
>>> 262: worker = new Thread(this);
>>
>> Rataining a static factory for thread may use useful to be able to customize thread behavior.
>>
>> It should be considered that the new threads are Virtual threads:
>> i.e. `Thread.ofVirtual().startVirtualThread(Runnable)`
>
> This is a good point but orthogonal to the issue we're fixing here. If we decide to change the implementation to use VirtualThread it may have some impact, such as read/receive becoming interruptible. So I believe this kind of enhancement should be carried in their own PR.
That's a really good point - thank you. And a good suggestion for a future JNDI/LDAP client improvement, ie make it configurable to work with VTs. To make this work easier in a future PR - I have reverted the removal of `VersionHelper.createThread`: bd7e0b2acfccd7a296b30cf111e52ecdebc2615c
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22154#discussion_r1850279135
More information about the core-libs-dev
mailing list