Minor thoughts (Re: [External] : Re: JEP draft: Prepare to Restrict The Use of JNI
Ron Pressler
ron.pressler at oracle.com
Sat Sep 2 13:09:23 UTC 2023
> On 2 Sep 2023, at 13:23, Michał Kłeczek <michal at kleczek.org> wrote:
>
> The direction more and more looks to me like good old policy files albeit with informal ad-hoc syntax :) (and ad-hoc enforcement mechanism).
I don’t think it’s that ad-hoc, but it’s the standard way to configure Java programs since forever (*all* Java programs since the JRE was removed).
>
> Granted - at this moment we are only talking about guarding platform integrity (however defined) but the issues faced right now are probably very similar to issues that would be faced when moving from opt-in to opt-out SecurityManager.
If you carefully study the design of SecurityManager and strong encapsulation you will see that it’s the difference between practically intractable (for modern, dependency-heavy, server side applications) and quite straightforward. It’s no wonder it’s taken years to come up with the design, the (hopefully right) granularity, and the separation of what is best done at which software layer.
— Ron
More information about the jdk-dev
mailing list