I would agree with the paper that you shared, Dalibor. The SecurityManager system is not self-explanatory and I would also agree that, at least in the systems I worked with, there normally is no SecurityManager set, or even worse, the software fails with a SecurityManager set because some library doesn’t play nice.
On the other side, I think the solution to make more use of the SecurityManager is not wrong but the API should be revised and a better / faster way is necessary, maybe incorporating the new StackWalker API for access checks.

Christoph Engelbert
Manager Developer Relations

> On 6. Apr 2017, at 15:52, dalibor topic <dalibor.to...@oracle.com> wrote:
>
> On 06.04.2017 15:24, Gregg Wonderly wrote:
>> SecurityManager needs to be used more
>
> Potentially relevant academic research:
> http://www.cs.cmu.edu/~clegoues/docs/coker15acsac.pdf
>
> "We observed evidence that many developers struggle to
> understand and use the security manager for any purpose.
> This is perhaps why there were only 36 applications in our
> sample."
>
> cheers,
> dalibor topic
> --
> <http://www.oracle.com> Dalibor Topic | Principal Product Manager
> Phone: +494089091214 | Mobile: +491737185961
>
> ORACLE Deutschland B.V. & Co. KG | Kühnehöfe 5 | 22761 Hamburg
>
> ORACLE Deutschland B.V. & Co. KG
> Hauptverwaltung: Riesstr. 25, D-80992 München
> Registergericht: Amtsgericht München, HRA 95603
>
> Komplementärin: ORACLE Deutschland Verwaltung B.V.
> Hertogswetering 163/167, 3543 AS Utrecht, Niederlande
> Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697
> Geschäftsführer: Alexander van der Ven, Jan Schultheiss, Val Maher
>
> <http://www.oracle.com/commitment> Oracle is committed to developing
> practices and products that help protect the environment