RFR[10]:8159526 Deprivilege jdk.httpserver
Alan Bateman
Alan.Bateman at oracle.com
Tue Sep 12 08:42:09 UTC 2017
On 12/09/2017 09:06, vyom tewari wrote:
> Hi,
>
> Please review the below code change.
>
> BugId: https://bugs.openjdk.java.net/browse/JDK-8159526
>
> Webrev-1:
> http://cr.openjdk.java.net/~vtewari/8159526/jdk/webrev/index.html
>
> Webrev-2:
> http://cr.openjdk.java.net/~vtewari/8159526/root/webrev/index.html
>
> Code change will De-privilege jdk.httpserver, we gave "jdk.httpserver"
> all permission for now.
Moving jdk.httpserver to the platform class loader looks fine. Are you
planning a second phase to identify the permissions needed so that it
doesn't have to be granted AllPermission?
-Alan
More information about the core-libs-dev
mailing list