On 6/05/2021 9:46 pm, Ron Pressler wrote:
> Most performance issues have to do with the stack walking at the core of the
> Security Manager’s design.
I disagree, unless you can provide evidence or context, I have not seen
any evidence for this, I've done a lot of performance testing on the
Thanks Alan,
I understand the motivation.
The front line of security is authentication, privacy (encryption),
verification and validation with failure atomicity.
SecurityManager is unfortunately named, giving the impression that it
has responsibility for security. In truth, it's ONLY an
On Thu, 6 May 2021 18:08:40 GMT, Weijun Wang wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Test with new java.security file
>
> test/jdk/sun/security/tools/jarsigner/CheckSignerCertChain.java line 90:
>
>> 88:
> Please review the change to jarsigner so it uses certpath security property
> in order to properly display the weakness of the certificate algorithms.
Hai-May Chao has updated the pull request incrementally with one additional
commit since the last revision:
Test with new java.security
On Thu, 6 May 2021 11:57:48 GMT, Alexey Bakhtin wrote:
> Unfortunately, simple pull() can not be used in this case. We have to check
> if the session found in the cache can be rejoined with parameters received in
> ClientHello and server context. Only rejoinable sessions should be removed
>
On Thu, 6 May 2021 14:42:20 GMT, Patrick Concannon
wrote:
>> Hi,
>>
>> Could someone please review my code for updating the code in the
>> `java.security` package to make use of the `instanceof` pattern variable?
>>
>> Kind regards,
>> Patrick
>
> Patrick Concannon has updated the pull
On Thu, 6 May 2021 16:49:33 GMT, Hai-May Chao wrote:
> Please review the change to jarsigner so it uses certpath security property
> in order to properly display the weakness of the certificate algorithms.
test/jdk/sun/security/tools/jarsigner/CheckSignerCertChain.java line 90:
> 88:
On Fri, 30 Apr 2021 17:35:46 GMT, Weijun Wang wrote:
> `PKCS12KeyStore` always uses a 20-byte salt in encryption but
> PBEWithMD5AndDES only accepts 8-byte salt. With this code change, the salt
> used for this algorithm will be 8 bytes.
>
> RFC 2898 only requires the salt to be at least 8
On Thu, 6 May 2021 14:25:13 GMT, Weijun Wang wrote:
>> `PKCS12KeyStore` always uses a 20-byte salt in encryption but
>> PBEWithMD5AndDES only accepts 8-byte salt. With this code change, the salt
>> used for this algorithm will be 8 bytes.
>>
>> RFC 2898 only requires the salt to be at least 8
Please review the change to jarsigner so it uses certpath security property in
order to properly display the weakness of the certificate algorithms.
-
Commit messages:
- 8266225:jarsigner is using incorrect security property to show weakness of
certs
Changes:
On Thu, 6 May 2021 14:42:20 GMT, Patrick Concannon
wrote:
>> Hi,
>>
>> Could someone please review my code for updating the code in the
>> `java.security` package to make use of the `instanceof` pattern variable?
>>
>> Kind regards,
>> Patrick
>
> Patrick Concannon has updated the pull
On Tue, 27 Apr 2021 04:38:32 GMT, Punikekk
wrote:
>> Patrick Concannon has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> 8265426: changed order of equals check; refactored Identity.equals method
>
>
On Thu, 6 May 2021 13:41:04 GMT, Weijun Wang wrote:
>> Patrick Concannon has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> 8265426: Reverted parameter names; removed redundant parenthesis
>
>
> Hi,
>
> Could someone please review my code for updating the code in the
> `java.security` package to make use of the `instanceof` pattern variable?
>
> Kind regards,
> Patrick
Patrick Concannon has updated the pull request incrementally with one
additional commit since the last revision:
> This PR contains the API and implementation changes for JEP-412 [1]. A more
> detailed description of such changes, to avoid repetitions during the review
> process, is included as a separate comment.
>
> [1] - https://openjdk.java.net/jeps/412
Maurizio Cimadamore has updated the pull
On Thu, 6 May 2021 01:23:40 GMT, Valerie Peng wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> better comment
>
> src/java.base/share/classes/sun/security/pkcs12/PKCS12KeyStore.java line 811:
>
>> 809:
> `PKCS12KeyStore` always uses a 20-byte salt in encryption but
> PBEWithMD5AndDES only accepts 8-byte salt. With this code change, the salt
> used for this algorithm will be 8 bytes.
>
> RFC 2898 only requires the salt to be at least 8 bytes, but I don't intend to
> modify the
> Hi,
>
> Could someone please review my code for updating the code in the
> `java.security` package to make use of the `instanceof` pattern variable?
>
> Kind regards,
> Patrick
Patrick Concannon has updated the pull request with a new target base due to a
merge or a rebase. The incremental
On Thu, 6 May 2021 11:52:15 GMT, Patrick Concannon
wrote:
>> Hi,
>>
>> Could someone please review my code for updating the code in the
>> `java.security` package to make use of the `instanceof` pattern variable?
>>
>> Kind regards,
>> Patrick
>
> Patrick Concannon has updated the pull
On Thu, 6 May 2021 11:52:15 GMT, Patrick Concannon
wrote:
>> Hi,
>>
>> Could someone please review my code for updating the code in the
>> `java.security` package to make use of the `instanceof` pattern variable?
>>
>> Kind regards,
>> Patrick
>
> Patrick Concannon has updated the pull
On 2021-05-06T11:46:33 +
Ron Pressler wrote:
> When the entire process has the same permissions — in line with current
> practice — there are
> superior sandboxes provided by the OS.
The issue with falling back to the sandboxes provided by the OS is that
you then have to deal with a lot of
On Wed, 5 May 2021 03:41:27 GMT, Xue-Lei Andrew Fan wrote:
>> Thank you for the update.
>>
>> I also expect the code easy to read and maintain in the future. But please
>> go ahead for the integration if you don't want to make the update now. We
>> could file an enhancement later on.
>
>>
On Mon, 26 Apr 2021 23:24:41 GMT, Weijun Wang wrote:
> Two comments:
>
> 1. Why not reuse the existing variable name (Ex: `t` in `Type t =
> (Type)obj`) as much as possible to avoid unnecessary renames?
>
> 2. I'm not sure if modifying argument name in a public API is a good
> idea.
On Mon, 26 Apr 2021 17:03:52 GMT, Jesper Steen Møller
wrote:
>> Patrick Concannon has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> 8265426: Reverted parameter names; removed redundant parenthesis
>
>
On Mon, 26 Apr 2021 18:14:21 GMT, Roger Riggs wrote:
>> Patrick Concannon has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> 8265426: Reverted parameter names; removed redundant parenthesis
>
>
> Hi,
>
> Could someone please review my code for updating the code in the
> `java.security` package to make use of the `instanceof` pattern variable?
>
> Kind regards,
> Patrick
Patrick Concannon has updated the pull request incrementally with one
additional commit since the last revision:
On 06/05/2021 11:26, Peter Firmstone wrote:
> OpenJDK seems to have assumed that no one was using SecurityManager
> based on one research report.
I don't think this is right. Instead I would say that many of us have
rarely encountered deployments on the server-side that are using a
> On 6 May 2021, at 11:26, Peter Firmstone wrote:
>
> OpenJDK seems to have assumed that no one was using SecurityManager based on
> one research report. There's a lot of closed source java code out there, I
> suspect most of our users are closed source. I don't know exactly how many
>
> Hi,
>
> Could someone please review my code for updating the code in the
> `java.security` package to make use of the `instanceof` pattern variable?
>
> Kind regards,
> Patrick
Patrick Concannon has updated the pull request with a new target base due to a
merge or a rebase. The incremental
On 5/05/2021 10:55 pm, Sean Mullan wrote:
-
Obviously we won't have a call stack with domains, I don't know how
we will transfer the user Subject to other threads, for TLS and
Kerberos connections. No doubt something is planned.
There is a plan for preserving the capability to transfer