Yes, that's correct, Oracle has set it true by default to close a
security hole related to RMI, right now, River needs to set it back to
false in order to function. I've fixed this in my local copy of River.
The other reason it may be of concern is for RMIClassLoaderSPI providers
that aren't
Peter,
I assume that you want to set -Djava.rmi.server.useCodebaseOnly=true to
close a security hole, correct?
Thanks,
Bryan
On Mon, Sep 28, 2015 at 7:38 AM, Peter wrote:
> During my investigation into security, I realised wanted to set
>
During my investigation into security, I realised wanted to set
-Djava.rmi.server.useCodebaseOnly=true.
To achive this I set about eliminating all generation of stubs in river,
related to download jar's, except for one specifically within Phoenix
itself, that was not downloaded, but was used