Dropping the security manager (was Re: Eliminating the security overhead when not running with a security manager)

Alan Bateman Alan.Bateman at oracle.com
Thu Nov 23 19:50:23 UTC 2017


On 23/11/2017 19:21, Jason Tedor wrote:
> > Long term then it would be interesting to explore degrading and 
> eventually dropping the security manager but that is beyond the scope 
> of what I would like to discuss here.
>
> That is a bold topic to immediately declare out of scope. I am looking 
> for somewhere to reply, so I am forking this thread to a new subject 
> to share my thoughts.
Starting a new thread is fine as it's beyond the scope of the topic that 
I was looking to discuss. As I mentioned, Sean and Jeff are planning a 
survey and that would be a good time to bring up use-cases and suggestions.


> The JDK needs to be a platform that enables developing secure server 
> applications. Seeing this question raised without any explicit or 
> implicit mention of this need is surprising.
Sorry, that's a bit unfair as there has been massive effort put into the 
platform to support the development of secure applications. Security is 
much more than the security manager.

-Alan


More information about the security-dev mailing list