8200400: Restrict Sasl mechanisms

Sean Mullan sean.mullan at oracle.com
Mon May 6 18:06:11 UTC 2019


On 5/5/19 1:06 AM, Weijun Wang wrote:
> Please take a review at
> 
>     https://cr.openjdk.java.net/~weijun/8200400/webrev.01/

The java.security property description is not up-to-date with the CSR. 
Also, we don't support a system property override in the other 
jdk.*.disabled properties. So I don't think we should add that unless or 
until we see a need for it.

In Sasl.java, can we log or add some debug information if a mechanism is 
disabled? Otherwise it can be hard to debug.

--Sean

> There is a CSR at
> 
>     https://bugs.openjdk.java.net/browse/JDK-8214331
> 
> Thanks,
> Max
> 



More information about the security-dev mailing list