API change for 8010464: Evolve java networking same origin policy
Alan Bateman
Alan.Bateman at oracle.com
Fri Apr 26 09:09:00 PDT 2013
On 26/04/2013 17:02, Michael McMahon wrote:
>
> Are you referring to handlers that did no security checking previously,
> or handlers that did check for SocketPermission, but won't know about
> HttpURLPermission and now won't be compatible?
>
> Either way, my preference would be still for it to be mandatory in JDK 8.

I don't know how common it is to set java.protocol.handler.pkgs and
deploy your own HTTP protocol handler. It's possible that it is very
rare to do this and also run with a security manager. So it's hard to
know whether other HTTP protocol handlers work with a security manager
or not. My question was just wondering whether we need to account for
existing HTTP protocol handlers that would be deployed without any
knowledge of HttpURLPermission.
-Alan.