Dropping the security manager (was Re: Eliminating the security overhead when not running with a security manager)
Alan Bateman
Alan.Bateman at oracle.com
Thu Nov 23 19:50:23 UTC 2017
On 23/11/2017 19:21, Jason Tedor wrote:
> > Long term then it would be interesting to explore degrading and
> eventually dropping the security manager but that is beyond the scope
> of what I would like to discuss here.
>
> That is a bold topic to immediately declare out of scope. I am looking
> for somewhere to reply, so I am forking this thread to a new subject
> to share my thoughts.
Starting a new thread is fine as it's beyond the scope of the topic that
I was looking to discuss. As I mentioned, Sean and Jeff are planning a
survey and that would be a good time to bring up use-cases and suggestions.
> The JDK needs to be a platform that enables developing secure server
> applications. Seeing this question raised without any explicit or
> implicit mention of this need is surprising.
Sorry, that's a bit unfair as there has been massive effort put into the
platform to support the development of secure applications. Security is
much more than the security manager.
-Alan
More information about the security-dev
mailing list