It's interesting that, after all of these years of remote codebase loading and 
all the associated security risks being openly discussed and Sun's Jini team 
trying to address those, with no support for the larger community (JSRs voted 
down), that this statement appears at the end of the announcement.

"Caution: Running a system with the java.rmi.server.useCodebaseOnly property 
set to false is not recommended, as it may allow the loading and execution of 
untrusted code."

Really?  How could that be a problem?  And is it really something that is only 
being realized now?

Gregg Wonderly

On Apr 30, 2013, at 6:53 AM, Dennis Reedy <dennis.re...@gmail.com> wrote:

> FYI, this caused grief yesterday on my project. Some of the team had updated 
> Java to JDK 7 Update 21. With this update the following change has been made: 
> 
> The RMI property java.rmi.server.useCodebaseOnly is set to true by default. 
> In earlier releases, the default value was false.
> 
> More detail here: 
> http://docs.oracle.com/javase/7/docs/technotes/guides/rmi/enhancements-7.html
> 
> The simple fix for us is to set -Djava.rmi.server.useCodebaseOnly=false
> 
> HTH
> 
> Dennis

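An added example, not part of the original thread: a small audit helper that works out the effective `java.rmi.server.useCodebaseOnly` value for a JVM launch line, using the JDK 7 Update 21 default change described above. The launch lines, class names and service names are constructed, and the "last -D wins" and boolean-parsing rules are labelled assumptions.

```python
import re
import shlex

PROP = "-Djava.rmi.server.useCodebaseOnly"

def effective_use_codebase_only(java_version, command_line):
    """Return (value, source); value is True, False, or None when unknown."""
    args = shlex.split(command_line)[1:]      # drop the java launcher itself
    explicit, i = None, 0
    while i < len(args):
        arg = args[i]
        if arg in ("-cp", "-classpath"):      # these options consume the next token
            i += 2
            continue
        if arg == "-jar" or not arg.startswith("-"):
            break                             # what follows belongs to the application
        if arg == PROP or arg.startswith(PROP + "="):
            explicit = arg.partition("=")[2]  # assumption: the last -D on the line wins
        i += 1
    if explicit is not None:
        # Assumption: Java boolean parsing, only "true" (any case) means true.
        return explicit.lower() == "true", "explicit"
    m = re.fullmatch(r"1\.7\.0(?:_(\d+))?", java_version)
    if m is None:
        return None, "unknown"                # the thread only covers the JDK 7 family
    return int(m.group(1) or 0) >= 21, "default"

def remote_codebase_allowed(launches):
    """Names of launches whose JVM will honour a sender-supplied codebase."""
    return [name for name, ver, cmd in launches
            if effective_use_codebase_only(ver, cmd)[0] is False]

# Constructed sample launch lines (hypothetical class, jar and service names).
SAMPLES = [
    ("registry", "1.7.0_21", "java -cp app.jar com.example.Registry"),
    ("worker", "1.7.0_21",
     "java -Djava.rmi.server.useCodebaseOnly=false -cp app.jar com.example.Worker"),
    ("legacy", "1.7.0_17", "java -jar app.jar -Djava.rmi.server.useCodebaseOnly=true"),
    ("batch", "1.6.0_43", "java -cp app.jar com.example.Batch"),
]

if __name__ == "__main__":
    for name in remote_codebase_allowed(SAMPLES):
        print(name, "accepts remote codebase annotations")
```

The `legacy` entry shows the case that is easy to miss: a `-D` placed after `-jar` is an application argument, so the JVM default for that update level still applies.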