A possible JEP to replace SecurityManager after JEP 411

Peter Firmstone peter.firmstone at zeus.net.au
Tue Apr 26 10:37:57 UTC 2022


On 26/04/2022 8:10 pm, Alan Bateman wrote:
> On 26/04/2022 10:06, Peter Firmstone wrote:
>> :
>>
>> What about ensuring that all network access occurs through a single 
>> location that we can instrument?
>
> Network, file, and process launch are potentially interesting but 
> instrumenting them to run arbitrary code may be problematic (for the 
> same reasons that custom security managers can be problematic).
>
> -Alan

A service provider? Don't specify that's it's for security, just for 
intercepting network, file and process launching.

"can" is the key word here.    The problems are manageable when you know 
about them.  If a developer isn't aware, it could create nasty 
surprises.  So can't we document the gotchas?

Regards,

Peter.



More information about the security-dev mailing list