8200400: Restrict Sasl mechanisms
Weijun Wang
weijun.wang at oracle.com
Tue May 7 15:31:09 UTC 2019
Updated webrev at
http://cr.openjdk.java.net/~weijun/8200400/webrev.02/
The CSR at https://bugs.openjdk.java.net/browse/JDK-821433 is also updated.
I reuse the Logger name "javax.security.sasl" used by our SASL providers. The name looks high-level enough to be used here.
Thanks,
Max
> On May 7, 2019, at 2:06 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>
> On 5/5/19 1:06 AM, Weijun Wang wrote:
>> Please take a review at
>> https://cr.openjdk.java.net/~weijun/8200400/webrev.01/
>
> The java.security property description is not up-to-date with the CSR. Also, we don't support a system property override in the other jdk.*.disabled properties. So I don't think we should add that unless or until we see a need for it.
>
> In Sasl.java, can we log or add some debug information if a mechanism is disabled? Otherwise it can be hard to debug.
>
> --Sean
>
>> There is a CSR at
>> https://bugs.openjdk.java.net/browse/JDK-8214331
>> Thanks,
>> Max