On 26/04/2013 17:02, Michael McMahon wrote:
> Are you referring to handlers that did no security checking previously,
> or handlers that did check for SocketPermission, but won't know about
> HttpURLPermission and now won't be compatible?
>
> Either way, my preference would be still for it to be mandatory in JDK 8.

I don't know how common it is to set java.protocol.handler.pkgs and
deploy your own HTTP protocol handler. It's possible that it is very
rare to do this and also run with a security manager. So it's hard to
know whether other HTTP protocol handlers work with a security manager
or not. My question was just wondering whether we need to account for
existing HTTP protocol handlers that would be deployed without any
knowledge of HttpURLPermission.
-Alan.