You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by sk...@apache.org on 2006/01/22 10:17:04 UTC
svn commit: r371247 - /jakarta/commons/proper/logging/trunk/xdocs/tech.xml
Author: skitching
Date: Sun Jan 22 01:17:01 2006
New Revision: 371247
URL: http://svn.apache.org/viewcvs?rev=371247&view=rev
Log:
Remove comment about how parent-first loading improves JVM security; it isn't correct.
Modified:
jakarta/commons/proper/logging/trunk/xdocs/tech.xml
Modified: jakarta/commons/proper/logging/trunk/xdocs/tech.xml
URL: http://svn.apache.org/viewcvs/jakarta/commons/proper/logging/trunk/xdocs/tech.xml?rev=371247&r1=371246&r2=371247&view=diff
==============================================================================
--- jakarta/commons/proper/logging/trunk/xdocs/tech.xml (original)
+++ jakarta/commons/proper/logging/trunk/xdocs/tech.xml Sun Jan 22 01:17:01 2006
@@ -393,10 +393,6 @@
<p>
Parent-first loading has been the standard mechanism in the JDK
class loader, at least since Java 1.2 introduced hierarchical classloaders.
- The primary reason for this is safety -- parent-first
- makes it impossible for malicious code to trick the JVM into
- replacing a core class (say, <code>java.security.SecurityManager</code>) with a
- class of the same name loaded from a child classloader.
</p>
<p>
Child-first classloading has the advantage of helping to improve isolation
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org
Re: svn commit: r371247 -
/jakarta/commons/proper/logging/trunk/xdocs/tech.xml
Posted by robert burrell donkin <ro...@blueyonder.co.uk>.
On Sun, 2006-01-22 at 09:17 +0000, skitching@apache.org wrote:
> Author: skitching
> Date: Sun Jan 22 01:17:01 2006
> New Revision: 371247
>
> URL: http://svn.apache.org/viewcvs?rev=371247&view=rev
> Log:
> Remove comment about how parent-first loading improves JVM security; it isn't correct.
<snip>
> Parent-first loading has been the standard mechanism in the JDK
> class loader, at least since Java 1.2 introduced hierarchical classloaders.
> - The primary reason for this is safety -- parent-first
> - makes it impossible for malicious code to trick the JVM into
> - replacing a core class (say, <code>java.security.SecurityManager</code>) with a
> - class of the same name loaded from a child classloader.
parent-first loading does not improve JVM security but AIUI that is the
reason why parent-first loading was made the standard mechanism. i agree
that sentence is probably best removed (though) since it's a little
misleading.
- robert
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org