A possible JEP to replace SecurityManager after JEP 411
Peter Firmstone
peter.firmstone at zeus.net.au
Tue Apr 26 10:37:57 UTC 2022
On 26/04/2022 8:10 pm, Alan Bateman wrote:
> On 26/04/2022 10:06, Peter Firmstone wrote:
>> :
>>
>> What about ensuring that all network access occurs through a single
>> location that we can instrument?
>
> Network, file, and process launch are potentially interesting but
> instrumenting them to run arbitrary code may be problematic (for the
> same reasons that custom security managers can be problematic).
>
> -Alan
A service provider? Don't specify that's it's for security, just for
intercepting network, file and process launching.
"can" is the key word here. The problems are manageable when you know
about them. If a developer isn't aware, it could create nasty
surprises. So can't we document the gotchas?
Regards,
Peter.
More information about the security-dev
mailing list