Re: RFR[10]:8159526 Deprivilege jdk.httpserver

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Re: RFR[10]:8159526 Deprivilege jdk.httpserver

Chris Hegarty

> On 12 Sep 2017, at 09:46, vyom tewari <[hidden email]> wrote:
> On Tuesday 12 September 2017 02:12 PM, Alan Bateman wrote:
>> On 12/09/2017 09:06, vyom tewari wrote:
>>> Hi,
>>> Please review the below code change.
>>> BugId:
>>> Webrev-1:
>>> Webrev-2:

Thanks Vyom, this looks good.

>>> Code change will De-privilege jdk.httpserver, we gave "jdk.httpserver" all permission for now.
>> Moving jdk.httpserver to the platform class loader looks fine. Are you planning a second phase to identify the permissions needed so that it doesn't have to be granted AllPermission?
> yes, i will file a separate issue for this.

Thanks. Please link the new issue to 8159526.