Hello all,
I have submitted a JEP for "Improve Security Manager Performance" that I
am seeking further review and feedback:
https://bugs.openjdk.java.net/browse/JDK-8043631
This is very similar to a draft I posted earlier [1], but has been
re-drafted using the JEP 2.0 process. The JEP is i
No David is right, the code will run with the privileges of it's own
ProtectionDomain, so if that PD is not trusted, the code cannot bypass security
checks from static initializers. This does not break secure by default.
A static initializer can write to static fields, but public or protected s
On 07/28/2014 03:33 PM, Peter Levart wrote:
On 07/28/2014 03:34 PM, David M. Lloyd wrote:
On 07/24/2014 04:17 AM, Tom Hawtin wrote:
On 23/07/2014 14:40, David M. Lloyd wrote:
On 07/23/2014 07:07 AM, Tom Hawtin wrote:
On 23/07/2014 05:26, David M. Lloyd wrote:
• Always have static initiali
On 07/28/2014 03:34 PM, David M. Lloyd wrote:
On 07/24/2014 04:17 AM, Tom Hawtin wrote:
On 23/07/2014 14:40, David M. Lloyd wrote:
On 07/23/2014 07:07 AM, Tom Hawtin wrote:
On 23/07/2014 05:26, David M. Lloyd wrote:
• Always have static initialization blocks be privileged (this does
requir
On 07/24/2014 04:17 AM, Tom Hawtin wrote:
On 23/07/2014 14:40, David M. Lloyd wrote:
On 07/23/2014 07:07 AM, Tom Hawtin wrote:
On 23/07/2014 05:26, David M. Lloyd wrote:
• Always have static initialization blocks be privileged (this does
require users to be cognizant of this fact when writin
On 23/07/2014 14:40, David M. Lloyd wrote:
On 07/23/2014 07:07 AM, Tom Hawtin wrote:
On 23/07/2014 05:26, David M. Lloyd wrote:
• Always have static initialization blocks be privileged (this does
require users to be cognizant of this fact when writing static blocks)
If we were following "se
On 07/23/2014 07:07 AM, Tom Hawtin wrote:
On 23/07/2014 05:26, David M. Lloyd wrote:
I would suggest that one or more of the following be done to mitigate
this problem:
• Always have static initialization blocks be privileged (this does
require users to be cognizant of this fact when writing st
On 23/07/2014 05:26, David M. Lloyd wrote:
I would suggest that one or more of the following be done to mitigate
this problem:
• Always have static initialization blocks be privileged (this does
require users to be cognizant of this fact when writing static blocks)
If we were following "secure
On 04/25/2014 09:36 AM, Sean Mullan wrote:
Please review a draft of a proposed research JEP to improve the
performance of the Security Manager:
I have another idea that might be worth looking into. One problem with
security manager performance is that many times a class will perform
privileg
On 04/25/2014 09:36 AM, Sean Mullan wrote:
Please review a draft of a proposed research JEP to improve the
performance of the Security Manager:
http://cr.openjdk.java.net/~mullan/jeps/Improve-Security-Manager-Performance.00
I am particularly interested in any experience you have measuring or
On 04/25/2014 04:54 PM, David M. Lloyd wrote:
Relatedly, it would also be nice if there were some way to simplify or
improve the JAAS Subject association mechanism, which also relies on the
ACC, causing a substantial enough performance cost that (AFAICT) no
major Java EE application server actua
On 04/25/2014 02:35 PM, Sean Mullan wrote:
On 04/25/2014 10:54 AM, David M. Lloyd wrote:
On 04/25/2014 09:36 AM, Sean Mullan wrote:
Please review a draft of a proposed research JEP to improve the
performance of the Security Manager:
http://cr.openjdk.java.net/~mullan/jeps/Improve-Security-Mana
On 04/25/2014 10:54 AM, David M. Lloyd wrote:
On 04/25/2014 09:36 AM, Sean Mullan wrote:
Please review a draft of a proposed research JEP to improve the
performance of the Security Manager:
http://cr.openjdk.java.net/~mullan/jeps/Improve-Security-Manager-Performance.00
I am particularly inter
On 04/25/2014 09:36 AM, Sean Mullan wrote:
Please review a draft of a proposed research JEP to improve the
performance of the Security Manager:
http://cr.openjdk.java.net/~mullan/jeps/Improve-Security-Manager-Performance.00
I am particularly interested in any experience you have measuring or
pr
Please review a draft of a proposed research JEP to improve the
performance of the Security Manager:
http://cr.openjdk.java.net/~mullan/jeps/Improve-Security-Manager-Performance.00
I am particularly interested in any experience you have measuring or
profiling the performance of your code when
15 matches
Mail list logo
