Hi Chris,
Thanks for taking another look.
On 10/3/2016 4:53 AM, Chris Hegarty wrote:
Roger,
On 14/09/16 10:46, Chris Hegarty wrote:
One more additional comment:
4) Since filtering is not controlled by the Security Manager,
does it make sense for its configuration to live in the
java.security file?
The primary function of serialization filtering is security related and
it leverages the existing
configuration mechanism for security functions. Though slightly
off-topic, it did not seem
worthwhile to create a separate configuration mechanism. I discussed the
location and properties
with the security team and they have reviewed the changes.
Thanks, Roger
-Chris.
-Chris.
/Webrev:
http://cr.openjdk.java.net/~rriggs/webrev-serial-filter-jdk9-8155760/
<http://cr.openjdk.java.net/%7Erriggs/webrev-serial-filter-jdk9-8155760/>/
SpecDiff:
http://cr.openjdk.java.net/~rriggs/filter-diffs/overview-summary.html
Javadoc (subset)
http://cr.openjdk.java.net/~rriggs/filter-javadoc/java/io/ObjectInputStream.html
http://cr.openjdk.java.net/~rriggs/filter-javadoc/java/io/ObjectInputFilter.html
http://cr.openjdk.java.net/~rriggs/filter-javadoc/java/io/SerializablePermission.html
Thanks, Roger
