8200400: Restrict Sasl mechanisms
Sean Mullan
sean.mullan at oracle.com
Thu May 9 18:42:48 UTC 2019
Looks good, but just a reminder to change system to security property in
the javadoc per Joe's comment in the CSR.
--Sean
On 5/7/19 11:31 AM, Weijun Wang wrote:
> Updated webrev at
>
> http://cr.openjdk.java.net/~weijun/8200400/webrev.02/
>
> The CSR at https://bugs.openjdk.java.net/browse/JDK-821433 is also updated.
>
> I reuse the Logger name "javax.security.sasl" used by our SASL providers. The name looks high-level enough to be used here.
>
> Thanks,
> Max
>
>
>> On May 7, 2019, at 2:06 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>
>> On 5/5/19 1:06 AM, Weijun Wang wrote:
>>> Please take a review at
>>> https://cr.openjdk.java.net/~weijun/8200400/webrev.01/
>>
>> The java.security property description is not up-to-date with the CSR. Also, we don't support a system property override in the other jdk.*.disabled properties. So I don't think we should add that unless or until we see a need for it.
>>
>> In Sasl.java, can we log or add some debug information if a mechanism is disabled? Otherwise it can be hard to debug.
>>
>> --Sean
>>
>>> There is a CSR at
>>> https://bugs.openjdk.java.net/browse/JDK-8214331
>>> Thanks,
>>> Max
>
More information about the security-dev
mailing list