Uploaded image for project: 'JDO'
  1. JDO
  2. JDO-816

Use Java 9 modules to protect LegacyJava

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • JDO 3.2.1
    • JDO 3.3
    • api
    • None

    Description

      Use Java 9 modules to simplify code and improve JDO security.

      The deprecation of the Java securityManager in Java 18 was handled in JDO-808 by adding a class LegacyJava as well as numerous doPrivileged() in the JDO API.

      Using Java 9 modules we could:

      • remove the code duplication
      • better protect the LegacyJava class (it should be safe, but it is a manually implemented security feature, which is never good)

      Alternative / Reason why we might NOT do it:

      • The rationale for removing the SecurityManager is that it does not protect against a real world attach vector. Using this argument we could simply remove LegacyJava and all associated classes and code.

      Attachments

        Activity

          People

            Unassigned Unassigned
            tilmannz Tilmann Zäschke
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: