chris at hazelcast.com
Thu Apr 6 14:29:16 UTC 2017
I would agree with the paper that you shared, Dalibor. The SecurityManager system is not self-explanatory and I would also agree that, at least in the systems I worked with, there normally is no SecurityManager set, or even worse, the software fails with a SecurityManager set because some library doesn’t play nice.
On the other side, I think the solution to make more use of the SecurityManager is not wrong but the API should be revised and a better / faster way is necessary, maybe incorporating the new StackWalker API for access checks.
Manager Developer Relations
> On 6. Apr 2017, at 15:52, dalibor topic <dalibor.topic at oracle.com> wrote:
> On 06.04.2017 15:24, Gregg Wonderly wrote:
>> SecurityManager needs to be used more
> Potentially relevant academic research: http://www.cs.cmu.edu/~clegoues/docs/coker15acsac.pdf
> "We observed evidence that many developers struggle to
> understand and use the security manager for any purpose.
> This is perhaps why there were only 36 applications in our
> dalibor topic
> <http://www.oracle.com> Dalibor Topic | Principal Product Manager
> Phone: +494089091214 <tel:+494089091214> | Mobile: +491737185961
> ORACLE Deutschland B.V. & Co. KG | Kühnehöfe 5 | 22761 Hamburg
> ORACLE Deutschland B.V. & Co. KG
> Hauptverwaltung: Riesstr. 25, D-80992 München
> Registergericht: Amtsgericht München, HRA 95603
> Komplementärin: ORACLE Deutschland Verwaltung B.V.
> Hertogswetering 163/167, 3543 AS Utrecht, Niederlande
> Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697
> Geschäftsführer: Alexander van der Ven, Jan Schultheiss, Val Maher
> <http://www.oracle.com/commitment> Oracle is committed to developing
> practices and products that help protect the environment
More information about the jigsaw-dev