RFR CSR for 8200400 Restrict Sasl mechanisms

Weijun Wang weijun.wang at oracle.com
Mon Apr 22 23:17:18 UTC 2019


https://cr.openjdk.java.net/~weijun/8200400/webrev.00/

Thanks,
Max

> On Apr 23, 2019, at 1:19 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> Hi Max,
> 
> I would like to also review it but may need a couple more days as I'm catching up after being on vacation. Do you also have a webrev of the implementation? I would like to see how the check is implemented.
> 
> Thanks,
> Sean
> 
> On 4/17/19 10:19 PM, Weijun Wang wrote:
>> Pinga again for JDK 13.
>>> On Nov 27, 2018, at 10:27 AM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>> 
>>> Please review the CSR at
>>> 
>>>   https://bugs.openjdk.java.net/browse/JDK-8214331
>>> 
>>> One concern:
>>> 
>>> When a disabled mechanism is requested, Sasl.createClient and Sasl.createServer might silently return null and if a user has already taken for granted that a client should be returned an NPE will thrown somewhere. This is not quite friendly.
>>> 
>>> Thanks
>>> Max




More information about the security-dev mailing list