RFR (12): 8191053: Provide a mechanism to make system's security manager immutable
Mandy Chung
mandy.chung at oracle.com
Tue Oct 2 18:15:57 UTC 2018
On 10/2/18 10:14 AM, Sean Mullan wrote:
> On 10/2/18 1:05 PM, Mandy Chung wrote:
>> I'm not a fan of using double == which is not obvious to catch the
>> typo. I think the `==` syntax may not be commonly known either (I
>> suspect it's seldom for a user to override java.security.policy
>> rather than augmenting it).
>>
>> Have you considered using simple token `disallow` and `allow` (or
>> all-caps)?
>
> I am fine with that as well.
>
>> The possibility of a custom security manager class named `disallow`
>> and `allow` should be low.
>
> I agree. I could imagine there might be a custom SM class named
> "Disallow" but that should still work, right?
Yes since the property value is case-sensitive.
Mandy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20181002/f049aae8/attachment.htm>
More information about the security-dev
mailing list