On Tue, Apr 26, 2022 at 8:17 AM Mario Torre <neug...@redhat.com> wrote:
> I think there's a difference between "perceived" security and "actual" one.
>
> The SM in today's post Spectre, Meltdown and the likes world is
> "perceived" security, which may lead to a relaxation on the security
> of other layers because at least "we have additional security
> checkpoints in the JDK".

I agree. Perceived security is a problem that has plagued
SecurityManager since its inception, due in no small part to the noble
(if misguided) apparent initial intention that it was to be an
_actual_ sandbox. Fast forward through a quarter of a century of
bitter education, and still, nothing in the documentation really
refutes this or sets up a realistic expectation for what level of
protection is _actually_ provided. Even the deprecation notice doesn't
give any indication that SecurityManager is anything less than a
perfect sandbox, referring instead to JEP 411.

A necessary part of the proposal is a documentation overhaul that
defines the exact contract of the API as well as a real-world
discussion about what level of protection is (and is not) actually
provided. If the user comes away from reading the documentation with
the idea that turning on this switch means that they don't have to
worry about security anymore, then that is a big problem. And from
personal experience, I believe this is the case today, at least to a
degree.

-- 
- DML • he/him
