New candidate JEP: 486: Permanently Disable the Security Manager
Lothar Kimmeringer
job at kimmeringer.de
Thu Sep 26 14:04:34 UTC 2024
Am 26.09.2024 um 13:50 schrieb Mark Reinhold:
> it has rarely been used
> to secure server-side code, and it is costly to maintain.
We're one of these "rare" users and are using SecurityManager to prevent
unallowed parts of a server-application to start sub processes
(sm.canExec) and to shut down the VM (sm.canExit). How can this
be prevented in the future?
When looking for this the past couple of years since this topic
came up, I haven't found any concept for a replacement for canExit
and only "use some feature on the OS-level the application runs on"
as replacement for canExec. The latter would destroy our application's
platform independence which was the reason it was developed in Java
in the first place 20 years ago.
Thanks and cheers, Lothar
More information about the security-dev
mailing list