|
From: | Casey Marshall |
Subject: | Default Policy |
Date: | Mon, 8 Aug 2005 21:14:07 -0700 |
Hi,Any opposition to changing the default security policy to gnu.java.security.PolicyFile? The current default policy is all- permissive to all code, which is a pretty bad policy (all code will work without security exceptions, but if something doesn't work because Classpath isn't using privileged actions appropriately, that should be considered a bug; I would rather err on the side of being too strict).
If yes, Classpath should also come with a sensible default java.policy file. Any thoughts about what it should contain? I suppose it should be similar to the default policy that comes with most other Sun JREs, but I don't know if we can just use a copy of that one.
[Prev in Thread] | Current Thread | [Next in Thread] |