JVM security properties warning

Sean Mullan sean.mullan at oracle.com
Tue Nov 28 21:21:25 UTC 2023

Thanks for your post about this topic. A comment was added to the bug report and I also agree with the concerns raised there. I don’t think it can be implemented as expected for the reasons in that comment. Also, warnings emitted to stderr are not done lightly and are typically only done for very significant reasons, such as use of a prominent deprecated API that is to be eventually removed. The best solution to this is to ensure that you have adequate tests to check that the property settings are enforced or configured as expected.


On Nov 28, 2023, at 2:23 PM, Capasso, Autumn <autumcap at amazon.com<mailto:autumcap at amazon.com>> wrote:

Hi my name is Autumn Capasso, I am an Software engineer for the Amazon Corretto team. I am purposing to a mechanism to warn developers about misconfigure Security properties by mistaking them for system properties. We have found that customers are often confused by security properties they think are System properties. Developers think their changing a System property and not only do they not get their desired effect. I created a JBS issues that I have included in this email.

Thank you,
Autumn Capasso

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20231128/67bf0de1/attachment.htm>

More information about the security-dev mailing list