On 28/07/2021 9:12 am, Peter Firmstone wrote:
While its possible to use a dynamic proxy without downloading code,
via an atomic serialization connection, it's not generally advised to
do so with unauthenticated users, decisions around dynamic discovery,
whether class loading or downloads are a
Thanks Remi,
Sand-boxing is a bad idea, we are in agreement, it's not something we
do, personally I'm taking an interest in safer languages, eg Haskell on
secure platforms, eg OpenBSD on Sparc64 *.
Perhaps JEP 411 is simply a reflection on the evolution of languages.
Java was safer than C a
On Sat, 22 May 2021 00:20:11 GMT, Bradford Wetmore wrote:
> The JceSecurityManager is currently a subclass of
> java.security.SecurityManager. Now that JEP 411 has been integrated, this
> class should be updated to no longer subclass SecurityManager.
>
> The only reason for using SecurityMana
On Fri, 23 Jul 2021 17:16:26 GMT, Sean Mullan wrote:
> Please review this fix to change the internal `X509CertImpl.getFingerprint`
> method to not return "" as a fingerprint if there is an error generating that
> fingerprint. Instead, `null` is now returned, and "" is no longer cached as a
> v
On Tue, 27 Jul 2021 05:43:53 GMT, Bradford Wetmore wrote:
>> The JceSecurityManager is currently a subclass of
>> java.security.SecurityManager. Now that JEP 411 has been integrated, this
>> class should be updated to no longer subclass SecurityManager.
>>
>> The only reason for using Securit
