RFR CSR for 8200400 Restrict Sasl mechanisms
Sean Mullan
sean.mullan at oracle.com
Mon Apr 22 17:19:09 UTC 2019
Hi Max,
I would like to also review it but may need a couple more days as I'm
catching up after being on vacation. Do you also have a webrev of the
implementation? I would like to see how the check is implemented.
Thanks,
Sean
On 4/17/19 10:19 PM, Weijun Wang wrote:
> Pinga again for JDK 13.
>
>> On Nov 27, 2018, at 10:27 AM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>
>> Please review the CSR at
>>
>> https://bugs.openjdk.java.net/browse/JDK-8214331
>>
>> One concern:
>>
>> When a disabled mechanism is requested, Sasl.createClient and Sasl.createServer might silently return null and if a user has already taken for granted that a client should be returned an NPE will thrown somewhere. This is not quite friendly.
>>
>> Thanks
>> Max
>
More information about the security-dev
mailing list