RFR CSR for 8200400 Restrict Sasl mechanisms
Weijun Wang
weijun.wang at oracle.com
Mon Apr 22 23:17:18 UTC 2019
https://cr.openjdk.java.net/~weijun/8200400/webrev.00/
Thanks,
Max
> On Apr 23, 2019, at 1:19 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>
> Hi Max,
>
> I would like to also review it but may need a couple more days as I'm catching up after being on vacation. Do you also have a webrev of the implementation? I would like to see how the check is implemented.
>
> Thanks,
> Sean
>
> On 4/17/19 10:19 PM, Weijun Wang wrote:
>> Pinga again for JDK 13.
>>> On Nov 27, 2018, at 10:27 AM, Weijun Wang <weijun.wang at oracle.com> wrote:
>>>
>>> Please review the CSR at
>>>
>>> https://bugs.openjdk.java.net/browse/JDK-8214331
>>>
>>> One concern:
>>>
>>> When a disabled mechanism is requested, Sasl.createClient and Sasl.createServer might silently return null and if a user has already taken for granted that a client should be returned an NPE will thrown somewhere. This is not quite friendly.
>>>
>>> Thanks
>>> Max
More information about the security-dev
mailing list