Re: MarshalledObject, -Djava.rmi.server.useCodebaseOnly=false, stubs, Phoenix, Activation, RMIClassLoaderSPI

Yes, that's correct, Oracle has set it true by default to close a security hole related to RMI, right now, River needs to set it back to false in order to function. I've fixed this in my local copy of River. The other reason it may be of concern is for RMIClassLoaderSPI providers that aren't

Re: MarshalledObject, -Djava.rmi.server.useCodebaseOnly=false, stubs, Phoenix, Activation, RMIClassLoaderSPI

Peter, I assume that you want to set -Djava.rmi.server.useCodebaseOnly=true to close a security hole, correct? Thanks, Bryan On Mon, Sep 28, 2015 at 7:38 AM, Peter wrote: > During my investigation into security, I realised wanted to set >

MarshalledObject, -Djava.rmi.server.useCodebaseOnly=false, stubs, Phoenix, Activation, RMIClassLoaderSPI

During my investigation into security, I realised wanted to set -Djava.rmi.server.useCodebaseOnly=true. To achive this I set about eliminating all generation of stubs in river, related to download jar's, except for one specifically within Phoenix itself, that was not downloaded, but was used