On 27.07.2016 17:37, Stephen Colebourne wrote:
While the JDK cannot afford to compromise on security, many real-world
systems can and do. Software is mostly a trade-off between security,
quality, features, delivery date, design, resources... etc. As such,
this discussion cannot and should not be shut down solely on the basis
of security.

For an entirely hypothetical straw man example, imagine the expert authors of a third-party component A making a deliberate security trade-off in one class. For the sake of brevity, let's call that class 'Gun'.

Let's also imagine a different set of expert authors of a different third-party component B making a different deliberate security trade-off in another class. Let's call that class 'Bullet'.

Assembling a software system H which, by simply using both component A and component B, provides both a Gun and a Bullet, could lead to some pretty bad headaches down the road.

In the "exported by default" world view, the assembler is responsible for restricting all such headache-inducing interactions between these classes, originating in different components with different trade-offs.

Let's hope for their sake they are really awesome experts at that sort of thing, and especially good at handling the potentially exponential complexities that can arise from adding new components with further third-party-provided Guns and Bullets to their software system.

In the "failsafe by default" world view, they are responsible for enabling "just" the non-headache-inducing interactions between those classes, of which there in most cases may very well be none.

That's (potentially) a substantial difference in effort necessary to accurately make such trade-offs, in particular over the maintenance life cycle of a software system.

cheers,
dalibor topic
--
Dalibor Topic | Principal Product Manager