On Sun, 2006-01-22 at 09:17 +0000, [EMAIL PROTECTED] wrote: > Author: skitching > Date: Sun Jan 22 01:17:01 2006 > New Revision: 371247 > > URL: http://svn.apache.org/viewcvs?rev=371247&view=rev > Log: > Remove comment about how parent-first loading improves JVM security; it isn't > correct.
<snip> > Parent-first loading has been the standard mechanism in the JDK > class loader, at least since Java 1.2 introduced hierarchical > classloaders. > - The primary reason for this is safety -- parent-first > - makes it impossible for malicious code to trick the JVM into > - replacing a core class (say, > <code>java.security.SecurityManager</code>) with a > - class of the same name loaded from a child classloader. parent-first loading does not improve JVM security but AIUI that is the reason why parent-first loading was made the standard mechanism. i agree that sentence is probably best removed (though) since it's a little misleading. - robert --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
