commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From robert burrell donkin <robertburrelldon...@blueyonder.co.uk>
Subject Re: svn commit: r371247 - /jakarta/commons/proper/logging/trunk/xdocs/tech.xml
Date Sun, 22 Jan 2006 20:26:52 GMT
On Sun, 2006-01-22 at 09:17 +0000, skitching@apache.org wrote:
> Author: skitching
> Date: Sun Jan 22 01:17:01 2006
> New Revision: 371247
> 
> URL: http://svn.apache.org/viewcvs?rev=371247&view=rev
> Log:
> Remove comment about how parent-first loading improves JVM security; it isn't correct.

<snip>

>  	Parent-first loading has been the standard mechanism in the JDK
>  	class loader, at least since Java 1.2 introduced hierarchical classloaders.  
> -	The primary reason for this is safety -- parent-first
> -	makes it impossible for malicious code to trick the JVM into
> -	replacing a core class (say, <code>java.security.SecurityManager</code>)
with a
> -	class of the same name loaded from a child classloader.

parent-first loading does not improve JVM security but AIUI that is the
reason why parent-first loading was made the standard mechanism. i agree
that sentence is probably best removed (though) since it's a little
misleading.

- robert  


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Mime
View raw message