Re: RFR 8197595: Serialization javadoc should link to security best practices

2018-03-28 Thread Lance Andersen
Hi Roger,

Looks good to go to me!

Best
Lance

> On Mar 28, 2018, at 1:27 PM, Roger Riggs wrote:
>
> Hi,
>
> Updated with editorial suggestions.
>
> webrev:
> http://cr.openjdk.java.net/~rriggs/webrev-serialwarn-8197595/index.html
>

Re: RFR 8197595: Serialization javadoc should link to security best practices

2018-03-28 Thread Roger Riggs
Hi,

Updated with editorial suggestions.

webrev: http://cr.openjdk.java.net/~rriggs/webrev-serialwarn-8197595/index.html
javadoc: http://cr.openjdk.java.net/~rriggs/serialwarn/api/java.base/java/io/package-summary.html

Re: RFR 8197595: Serialization javadoc should link to security best practices

2018-03-23 Thread Lance Andersen
Looks good to me also Roger with Sean’s suggestions :-)

> On Mar 23, 2018, at 10:12 AM, Roger Riggs wrote:
>
> Please review adding a warning and a link to the Secure Coding Guidelines
> and the new Serial Filter guide[2] included in the JDK 10 docs.
> The warnings are added to Serializable, Obj

Re: RFR 8197595: Serialization javadoc should link to security best practices

2018-03-23 Thread Sean Mullan
Looks good to me. Minor nit, I would add "the" before "Secure Coding Guidelines for Java SE". I would also change "must" to "should" as these are recommended best practices, and not requirements that we can enforce.

--Sean

On 3/23/18 10:12 AM, Roger Riggs wrote:
Please review adding a warni

RFR 8197595: Serialization javadoc should link to security best practices

2018-03-23 Thread Roger Riggs
Please review adding a warning and a link to the Secure Coding Guidelines and the new Serial Filter guide[2] included in the JDK 10 docs. The warnings are added to Serializable, ObjectInputStream, ObjectInputFilter and the java.io package summary.

webrev: http://cr.openjdk.java.net/~rriggs/webr