Dropping the security manager (was Re: Eliminating the security overhead when not running with a security manager)

Alan Bateman Alan.Bateman at oracle.com
Thu Nov 23 19:50:23 UTC 2017

On 23/11/2017 19:21, Jason Tedor wrote:
> > Long term then it would be interesting to explore degrading and 
> eventually dropping the security manager but that is beyond the scope 
> of what I would like to discuss here.
> That is a bold topic to immediately declare out of scope. I am looking 
> for somewhere to reply, so I am forking this thread to a new subject 
> to share my thoughts.
Starting a new thread is fine as it's beyond the scope of the topic that 
I was looking to discuss. As I mentioned, Sean and Jeff are planning a 
survey and that would be a good time to bring up use-cases and suggestions.

> The JDK needs to be a platform that enables developing secure server 
> applications. Seeing this question raised without any explicit or 
> implicit mention of this need is surprising.
Sorry, that's a bit unfair as there has been massive effort put into the 
platform to support the development of secure applications. Security is 
much more than the security manager.


More information about the security-dev mailing list