RFR: JDK-8057784 - Get rid of the ActionFactory dependencies on the permission classes
Riaz A Aimandi
riaz.aimandi at oracle.com
Tue Sep 9 15:12:17 UTC 2014
Yes, I didn’t notice that the scope of fields expanded from package-protected to public.
Please go back to your original and just mark those fields as private.
Thanks,
- riaz
On Sep 9, 2014, at 10:26 AM, Sergey Nazarkin <sergey.nazarkin at oracle.com> wrote:
> Agree with Jen. New implementation is vulnerable to security attacks since everybody can substitute ActionFactory fields.
>
> /Sergey
>
> 09.09.2014 18:11, Jen Dority wrote:
>> Hi Alexey,
>>
>> I'm concerned about the change to public for the static fields in ActionFactory. Wouldn't the original implementation be better from a secure-coding perspective?
>>
>> Jen
>>
>> On 9/9/2014 9:41 AM, alexey mironov wrote:
>>> issue: https://bugs.openjdk.java.net/browse/JDK-8057784/
>>>
>>> webrev: http://cr.openjdk.java.net/~alkonsta/8057784.2/
>>>
>>> Hi Riaz,
>>>
>>> I now initialize the *Permission fields from the static initializer. Here is a new webrev.
>>>
>>> Regards,
>>> Alexey
>>>
>>>
>>> On 08.09.2014 19:18, Riaz A Aimandi wrote:
>>>> Hi Alexey,
>>>>
>>>> These changes look fine but just one quick question.
>>>> Is it possible to initialize these *Permission fields from the static initializer of the corresponding Permission classes, where you are already initializing action string constants? If not, could you mark these *Permission fields as private?
>>>>
>>>> Thanks,
>>>>
>>>> - riaz
>>>>
>>>> On Sep 8, 2014, at 11:08 AM, alexey mironov <alexey.mironov at oracle.com> wrote:
>>>>
>>>>> issue: https://bugs.openjdk.java.net/browse/JDK-8057784
>>>>> webrev: http://cr.openjdk.java.net/~alkonsta/8057784.1/
>>>>>
>>>>> Hi All,
>>>>> Sorry, forgot issue link.
>>>>>
>>>>> Regards,
>>>>> Alexey
>>>>>
>>>>> On 08.09.2014 18:43, alexey mironov wrote:
>>>>>> issue: JDK-8057784 Get rid of the ActionFactory dependencies on the permission classes
>>>>>> webrev: http://cr.openjdk.java.net/~alkonsta/8057784.1/
>>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> Please review the changes made in order to build without some packages (atcmd, gpio, ...) that use ActionFactory for permission check.
>>>>>>
>>>>>> Regards,
>>>>>> Alexey
>>>
>>
>
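
The concern raised in this thread (public static fields that any class can reassign), shown as an added example that is not part of the original messages or the DIO code base. All names here (`WeakFactory`, `HardenedFactory`, `gpioActions`, `register`, `verify`, `strict`) are hypothetical, and the set-once registration method is one assumed way to keep the field private while still letting a permission class's static initializer populate it.

```java
import java.util.function.Function;

public class MutableStaticDemo {
    // Weak form: a public, non-final static can be reassigned by any loaded class.
    static class WeakFactory {
        public static Function<String, String> gpioActions; // hypothetical field
    }

    // Hardened form: private field, populated once through a narrow method.
    static class HardenedFactory {
        private static Function<String, String> gpioActions;

        // Package-private: only classes in the same package can register.
        static synchronized void register(Function<String, String> verifier) {
            if (gpioActions != null) {
                throw new IllegalStateException("verifier already registered");
            }
            gpioActions = verifier;
        }

        static String verify(String actions) {
            return gpioActions.apply(actions);
        }
    }

    // Stand-in for a permission class's action check: accept only a known action.
    static String strict(String actions) {
        if (!actions.equals("open")) {
            throw new IllegalArgumentException("unknown action: " + actions);
        }
        return actions;
    }

    public static void main(String[] args) {
        WeakFactory.gpioActions = MutableStaticDemo::strict;
        HardenedFactory.register(MutableStaticDemo::strict);

        // Any caller can replace the weak field with a check that accepts everything.
        WeakFactory.gpioActions = a -> a;
        System.out.println("weak accepts: " + WeakFactory.gpioActions.apply("anything"));

        try {
            HardenedFactory.register(a -> a); // second registration is refused
        } catch (IllegalStateException e) {
            System.out.println("hardened: " + e.getMessage());
        }
        try {
            HardenedFactory.verify("anything"); // original check still in force
        } catch (IllegalArgumentException e) {
            System.out.println("hardened: " + e.getMessage());
        }
    }
}
```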