-Djava.security.manager=problems for service providers

2018-03-27 Thread Peter Firmstone
Not sure if this is the right place to mention this. Anyone notice that specifying a custom security manager at jvm start up causes issues with service providers loading? If using the sun PolicyFile implementation, the policy doesn't load due to the provider failure, I have a custom policy i

Re: Parsing too strict in java.net.URI? (David Lloyd)

2017-12-02 Thread Peter Firmstone
Have there been any recent developments, updates, or insights on this issue? I wonder if a gradual change to RFC 3986 support might be more appropriate: for example, start with *just* accepting empty SSP. If the compatibility requirements of java.net.URI are too stringent to allow for any change

Secure Java Serialization - validation of untrusted data

2016-06-19 Thread Peter Firmstone
Historically Java's strong type system has eliminated many security issues developers experience in other non-type-safe languages. Deserialization of untrusted / unvalidated data presents a problem for Java, given the deployed software in use today. I have a working reimplementation of deser

RFC3986 URI

2016-03-02 Thread Peter Firmstone
I haven't had time, but at one time I had planned to assist upgrading java.net.URI to RFC3986. I'm not the sole author of the Uri class which can be found here, however since it has a similar public api to java.net.URI, it could be used as a drop in replacement for testing the feasibility and i

Re: The future of Serialization

2014-08-12 Thread Peter Firmstone
. I'll keep an eye out for the JSR. When is a better timeframe, roughly, to discuss Serializable? Regards, Peter. - Original message - > On 11/08/2014 13:06, Peter Firmstone wrote: > > Thanks Alan, I can relate to time poverty :) > > > > I might be assuming t

Re: The future of Serialization

2014-08-11 Thread Peter Firmstone
eugster/Ribbons/RJ.pdf https://www.cs.purdue.edu/homes/peugster/Ribbons/ Got any links to info on extending access control rules? Regards, Peter. On 11/08/2014 9:21 PM, Alan Bateman wrote: On 09/08/2014 06:56, Peter Firmstone wrote: I've noticed there's not much interest in improving Seri

Re: The future of Serialization

2014-08-11 Thread Peter Firmstone
On 11/08/2014 8:12 PM, Peter Firmstone wrote: Brian, Thanks for picking up on my frustration ;) I have something in mind for Serializable2 to address cyclic data structures and the possibility of independent evolution of super and child classes, while retaining a relatively clean public api

Re: The future of Serialization

2014-08-11 Thread Peter Firmstone
Brian, Thanks for picking up on my frustration ;) I have something in mind for Serializable2 to address cyclic data structures and the possibility of independent evolution of super and child classes, while retaining a relatively clean public api, with one optional private method. The methods

The future of Serialization

2014-08-08 Thread Peter Firmstone
I've noticed there's not much interest in improving Serialization on these lists. This makes me wonder if Java Serialization has lost relevance in recent years with the rise of protocol buffers, Apache Thrift and other means of data transfer over byte streams. The burden of implementing Seriali

Re: State of Serialization

2014-07-28 Thread Peter Firmstone
On 28/07/2014 7:28 PM, Peter Firmstone wrote: Updated files attached, including update to State of Serialization draft. For those who didn't get the attachment: *State of Java Serialization - Draft* Introduction The Java Serialization framework enables object state to be frozen, s

Re: State of Serialization

2014-07-28 Thread Peter Firmstone
Updated files attached, including update to State of Serialization draft. Note that the attached source code can be provided under the Oracle agreement. I'm a little time poor, so please contribute suggestions etc. Regards, Peter. On 26/07/2014 7:57 PM, Peter Firmstone wrote: I'

Re: State of Serialization

2014-07-26 Thread Peter Firmstone
witch On 22/07/2014 1:10 AM, Tom Hawtin wrote: On 20/07/2014 11:57, Peter Firmstone wrote: Since private methods are only called by the ObjectOutputStream / ObjectInputStream, during de-serialisation, subclasses are not responsible for calling these methods, hence subclass ProtectionDomain

Re: java.net.URI and RFC 3986 compliance

2014-07-10 Thread Peter Firmstone
:11, Peter Levart wrote: On 07/10/2014 02:50 AM, Peter Firmstone wrote: Are there parties on this list interested in updating java.net.URI to RFC3986? Is there anyone here who has previously attempted this? If so what issues did you find with regard to backward compatibility? Regards, Peter.

java.net.URI and RFC 3986 compliance

2014-07-09 Thread Peter Firmstone
Are there parties on this list interested in updating java.net.URI to RFC3986? Is there anyone here who has previously attempted this? If so what issues did you find with regard to backward compatibility? Regards, Peter.