Re: RFR: 8277322: Document that setting an invalid property jdk.serialFilter disables deserialization

On Mon, 22 Nov 2021 19:57:25 GMT, Roger Riggs wrote: > The effects of an invalid `jdk.serialFilter` property are not completely > documented. If the value of the system property jdk.serialFilter is invalid, > deserialization should not be possible and it should be clear in the >

Re: RFR: 8277322: Document that setting an invalid property jdk.serialFilter disables deserialization

On Tue, 30 Nov 2021 20:43:23 GMT, Roger Riggs wrote: >> This is about the second line of defense; what happens when the developer >> deliberately ignores the first error. >> If the command line parameters are invalid it might be an option to call >> `System.exit(1)` but there >> is no

Re: RFR: 8277322: Document that setting an invalid property jdk.serialFilter disables deserialization

On Wed, 24 Nov 2021 15:39:13 GMT, Roger Riggs wrote: >> If the intent is to disable serialization entirely, then this state should >> be represented explicitly. Having things throw `NoClassDefFoundError` looks >> like a mistake and a bug that needs to be fixed. In addition, it requires >>

Re: RFR: 8277322: Document that setting an invalid property `jdk.serialFilter` disables deserialization

On Tue, 23 Nov 2021 23:07:08 GMT, Stuart Marks wrote: >> Most configurations of `jdk.serialFilter` and` jdk.serialFilterFactory` will >> be valid. >> If they are not valid, the cause must be clear and useful suggestion made to >> correct the command line >> or security properties. >> >> It

Re: RFR: 8277322: Document that setting an invalid property `jdk.serialFilter` disables deserialization

On Tue, 23 Nov 2021 21:44:17 GMT, Roger Riggs wrote: >> src/java.base/share/classes/java/io/ObjectInputFilter.java line 529: >> >>> 527: * if the filter string is invalid, an {@link >>> ExceptionInInitializerError} is thrown >>> 528: * and the initialization fails; subsequent

Re: RFR: 8277322: Document that setting an invalid property `jdk.serialFilter` disables deserialization

On Tue, 23 Nov 2021 04:40:04 GMT, Stuart Marks wrote: >> The effects of an invalid `jdk.serialFilter` property are not completely >> documented. If the value of the system property jdk.serialFilter is invalid, >> deserialization should not be possible and it should be clear in the >>

Re: RFR: 8277322: Document that setting an invalid property `jdk.serialFilter` disables deserialization

On Mon, 22 Nov 2021 19:57:25 GMT, Roger Riggs wrote: > The effects of an invalid `jdk.serialFilter` property are not completely > documented. If the value of the system property jdk.serialFilter is invalid, > deserialization should not be possible and it should be clear in the >

Re: RFR: 8277322: Document that setting an invalid property `jdk.serialFilter` disables deserialization

On Mon, 22 Nov 2021 19:57:25 GMT, Roger Riggs wrote: > The effects of an invalid `jdk.serialFilter` property are not completely > documented. If the value of the system property jdk.serialFilter is invalid, > deserialization should not be possible and it should be clear in the >

Re: RFR: 8277322: Document that setting an invalid property `jdk.serialFilter` disables deserialization

On Mon, 22 Nov 2021 19:57:25 GMT, Roger Riggs wrote: > The effects of an invalid `jdk.serialFilter` property are not completely > documented. If the value of the system property jdk.serialFilter is invalid, > deserialization should not be possible and it should be clear in the >

RFR: 8277322: Document that setting an invalid property `jdk.serialFilter` disables deserialization

The effects of an invalid `jdk.serialFilter` property are not completely documented. If the value of the system property jdk.serialFilter is invalid, deserialization should not be possible and it should be clear in the specification. Specify an implementation specific exception is thrown in