RFR CSR for 8200400 Restrict Sasl mechanisms

Weijun Wang weijun.wang at oracle.com
Fri Apr 19 02:10:50 UTC 2019



> On Apr 19, 2019, at 8:40 AM, Valerie Peng <valerie.peng at oracle.com> wrote:
> 
> 
> The CSR looks fine but some text got truncated and does not show up completely which may be confusing. Should the lines be made shorter so no truncation happens?

I'll wrap the @systemProperty line in the src. New lines in java.security are at most 79 chars.

> 
> As for returning null silently, at least the current javadoc did state that null is being returned if none can be produced with the supplied parameters. Do you have more friendly solutions, i.e. do you want to throw SaslException?

I dare not. I don't think there is an error here, I just pretend I don't recognize the name at all.

Thanks,
Max

> 
> I added myself as reviewer.
> 
> Thanks,
> Valerie
> On 4/17/2019 7:19 PM, Weijun Wang wrote:
>> Ping again for JDK 13.
>> 
>>> On Nov 27, 2018, at 10:27 AM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>> 
>>> Please review the CSR at
>>> 
>>>   https://bugs.openjdk.java.net/browse/JDK-8214331
>>> 
>>> One concern:
>>> 
>>> When a disabled mechanism is requested, Sasl.createClient and Sasl.createServer might silently return null and if a user has already taken for granted that a client should be returned an NPE will be thrown somewhere. This is not quite friendly.
>>> 
>>> Thanks
>>> Max
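
The null return discussed in this thread, shown from the caller's side as an added example (not code from the CSR or from either poster). It assumes the restriction is the `jdk.sasl.disabledMechanisms` security property as shipped in JDK 13, a name this thread does not state; `requireClient` and the host name are hypothetical.

```java
import java.security.Security;
import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;

public class DisabledSaslMechanismDemo {

    // Hypothetical helper: converts the silent null into an explicit,
    // catchable failure so callers never dereference a missing client.
    static SaslClient requireClient(String[] mechanisms, String protocol,
            String serverName, Map<String, ?> props, CallbackHandler cbh)
            throws SaslException {
        SaslClient client = Sasl.createClient(
                mechanisms, null, protocol, serverName, props, cbh);
        if (client == null) {
            // null means no factory produced a client: the mechanisms are
            // unsupported, or every requested one is disabled by policy.
            throw new SaslException("No usable SASL mechanism among "
                    + String.join(",", mechanisms)
                    + " (unsupported or disabled by security policy)");
        }
        return client;
    }

    public static void main(String[] args) {
        // Assumption: property name as shipped in JDK 13. It has to be set
        // before the Sasl class is first used, because the value is read
        // when that class is initialized.
        Security.setProperty("jdk.sasl.disabledMechanisms", "PLAIN");
        try {
            // Constructed input: only the disabled mechanism is requested.
            requireClient(new String[] {"PLAIN"}, "ldap",
                    "server.example.test", null, null);
            System.out.println("client created");
        } catch (SaslException e) {
            // Fail closed: report the refusal, do not retry with a weaker path.
            System.out.println("negotiation refused: " + e.getMessage());
        }
    }
}
```

The same null check applies to `Sasl.createServer`, which the thread names alongside `Sasl.createClient`.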



