Patch: issue RT-14177

Tom Schindl tom.schindl at bestsolution.at
Fri Jun 1 10:54:34 PDT 2012 

Looks good to me - I don't see the security problem because as Richard
said we don't change the logic run before running the last resort code
to use the classloader the classes before us have been loaded with (if
there would have been a security problem those classes would have failed
to load already not?).

I think we can live for now with the performance degration in OSGi - the
other option is even worse.

Thank you very much Richard for taking care of this!

Tom

Am 01.06.12 19:25, schrieb Richard Bair:
> I don't think this patch changes anything with regard to those two issues, except for the case where the class referenced by -fx-skin really doesn't exist.
> 
>> This should be tested from an applet or with applet-like java.policy, no? I mean, if it's called from user code by way of Control or PopupControl, will it throw a SecurityException? 
> 
> We're not doing anything now that we weren't doing before. Doesn't the Class.forName handle the security issues when used by an Applet?
> 
>> Also, loadSkinClass is a bottle neck and I fear this will make it worse. We may need to think about caching.
> 
> I think caching would be a great idea, although I'm not sure it would always be correct (especially when class loaders are taken into account -- you could cache per class loader perhaps but which class loader to cache by?).
> 
> In any case, because I loop over the class hierarchy last in the lookup sequence, the only time this will be worse than it is today for existing, working applications is when they are trying to load a skin that doesn't exist. For other apps currently out there, the lookup times will be exactly as they are now (except for the extra method call overhead which, with a JIT at least, is negligible). For Florian, he's going to pay some additional cost as we look up the skin by walking up the hierarchy, but hopefully not much.
> 
> Richard
> 


-- 
B e s t S o l u t i o n . a t                        EDV Systemhaus GmbH
------------------------------------------------------------------------
tom schindl                 geschäftsführer/CEO
------------------------------------------------------------------------
eduard-bodem-gasse 5-7/1   A-6020 innsbruck     fax      ++43 512 935833
http://www.BestSolution.at                      phone    ++43 512 935834

More information about the openjfx-dev mailing list