RFR CSR for 8200400 Restrict Sasl mechanisms
Valerie Peng
valerie.peng at oracle.com
Fri Apr 19 00:40:07 UTC 2019
The CSR looks fine but some text got truncated and does not show up
completely which may be confusing. Should the lines be made shorter so
no truncation happen?
As for returning null silently, at least the current javadoc did state
that null is being returned if none can be produced with the supplied
parameters. Do you have more friendly solutions, i.e. do you want to
throw SaslException?
I added myself as reviewer.
Thanks,
Valerie
On 4/17/2019 7:19 PM, Weijun Wang wrote:
> Pinga again for JDK 13.
>
>> On Nov 27, 2018, at 10:27 AM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>
>> Please review the CSR at
>>
>> https://bugs.openjdk.java.net/browse/JDK-8214331
>>
>> One concern:
>>
>> When a disabled mechanism is requested, Sasl.createClient and Sasl.createServer might silently return null and if a user has already taken for granted that a client should be returned an NPE will thrown somewhere. This is not quite friendly.
>>
>> Thanks
>> Max
More information about the security-dev
mailing list