JEP 411: Missing use-case: user functions in an RDBMS

d be a sort of mechanical transformation of those sites, plus a simple need to be aware in new API development of where the file operations are on tainted values or not. Isn't that already something devs need to be aware of? Regards, Chapman Flack [1] https://tada.github.io/pljava/use/policy.ht

Re: JEP 411: Missing use-case: user functions in an RDBMS

Hi, On 05/28/21 06:09, Ron Pressler wrote: > Before getting into alternatives and the vision for what would be possible > post-SecurityManager, it would help to explain what the use-case and > requirements are. > > When we talk about untrusted code we usually mean code that you believe > might b

Re: JEP 411: Missing use-case: user functions in an RDBMS

On 05/28/21 10:03, Chapman Flack wrote: > I still think it would be highly desirable for the JDK itself to > adopt some such mechanism, if it can be made sufficiently non-cumbersome, > and perhaps limited just to file operations ... and Process / ProcessHandle operations I am

Re: JEP 411: Disable warning message with flag?

On 05/31/21 11:51, Mikael Sterner wrote: > For the record, I want to point out that the latest revision to the > JEP 411 draft didn't solve the issue highlighted below, since applications > embedding a Java runtime still would not be able to suppress the warning > > On Fri, May 21, 2021, at 19:33,

Re: JEP 411: Disable warning message with flag?

On 05/31/21 12:45, Chapman Flack wrote: > allow-until-degraded. In 17, that would be treated as allow, but with > the warning suppressed. In 17+n, wherever functional degradation starts, > it should become equivalent to disallow. > ... > the future "degradation", but comm

Re: JEP 411: Disable warning message with flag?

On 05/31/21 14:58, Ron Pressler wrote: > However, if the warning were emitted just once, at startup, if the > “allow” value is given rather than on each SM installation, would that > reduce the warning noise for you? In my case not at all, because only one SM is ever installed per process, at star

Re: JEP411: Missing use-case: Monitoring / restricting libraries

On 05/31/21 03:59, Alan Bateman wrote: > The SM survey in 2018 showed that there was some usage too. Out of curiosity, where can I learn more about this survey? Was it the kind of survey that, if I had been hanging around in the right places in 2018, I might have been solicited to respond to? Re

Re: JEP411: Missing use-case: Monitoring / restricting libraries

On 06/01/21 12:32, Sean Mullan wrote: > On 6/1/21 2:11 AM, Peter Firmstone wrote: >> Would have really liked to have known about that. > > It was announced on jdk-dev at the time it was launched, with a follow-up > reminder one week later: > > https://mail.openjdk.java.net/pipermail/jdk-dev/2018-

Re: RFR: 8268129: LibraryLookup::ofDefault leaks symbols from loaded libraries

M was loaded into? (This is the sort of condition the Mac OS linker checks when given the -bundle_loader option.) Regards, Chapman Flack (maintainer of a project that happens to work that way)

Re: Authorization Layer post JEP 411

On 06/02/21 19:41, Peter Firmstone wrote: > We need the power of AccessController's stack walk, StackWalker doesn't work > with compiled code, only bytecode. Is this correct? I have not tried it, but the apidocs had led me to understand it did not distinguish much between JITed and interpreted cod

Re: [jdk17] RFR: 8269543: The warning for System::setSecurityManager should only appear once for each caller

On 06/29/21 15:39, Weijun Wang wrote: > If I switch to a "non-weak" set or map, then it seems I can safely use > the source string as the key. Will using the Class object as a key prevent > them from unloading? I understand that it's in principle possible for classes to get GC'd, though I don't k

Re: JEP 411, removal of finalizers, a path forward.

On 08/03/21 12:40, Sean Mullan wrote: > It is to the point where I only skim your emails > quickly. I would take the time to write up your ideas in an external place. > It may not go anywhere, but at least you would have a single place where > your proposal, experiments, etc are documented. I wou

Post-JEP411 request: callAs(Supplier) Re: RFR: 8267108: Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs [v4]

On 10/28/21 13:25, Weijun Wang wrote: >>> New `Subject` APIs `current()` and `callAs()` are created ... >>> where the `callAs()` method stores the subject into a `ThreadLocal` >>> object and the `current()` method returns it That approach is simple and sweet. There is a case it doesn't cover, whe

Re: RFR: 8267108: Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs [v4]

On Thu, 28 Oct 2021 19:34:21 GMT, Weijun Wang wrote: > Hi, Chap. Thanks for the comment. > > Is it possible you run `callAs` with a "higher level" subject that contains a > link to another more dynamic subject? For example, just make your > `Supplier` a public credential inside. If the caller

Re: RFR: 8267108: Alternate Subject.getSubject and doAs APIs that do not depend on Security Manager APIs [v5]

On Thu, 4 Nov 2021 22:11:41 GMT, Weijun Wang wrote: >> New `Subject` APIs `current()` and `callAs()` are created to be replacements >> of `getSubject()` and `doAs()` since the latter two methods are now >> deprecated for removal. >> >> In this implementation, by default, `current()` returns th