Re: New Java JDK released
On 1/15/2014 7:14 PM, Silvio wrote:
On 01/15/2014 11:41 PM, markspace wrote:
On 1/15/2014 2:34 PM, Silvio wrote:
Until someone explains to me why this change makes sense I call it a
I did explain it. Here's my question: did you try this on a test server
to see if it's actually a problem for you, or are you just making stuff
up when you say it's a problem?
No, I did not try this because the Linux servers I have available are
not rolling release ones so I can not yet upgrade my Java. Additionally,
I am not able to test on all platforms I currently deploy to. That is
why I was asking if someone else did experiment, I welcome any
additional info.
Are there any reason to believe that this change is platform specific?
If not then testing on one platform (like you development platform)
should give a decent indication.
And you would test on your deployment platforms when they
upgrade some day anyway.
I read the release notes and am worried that I may run into problems in
the near future, perhaps when one of my users does a system upgrade like
they have done so often. You make it seem like I am trying to cause a
panic but I just wanted to achieve two things: find out if someone could
either confirm or falsify my worries and make other people aware of the
policy change since I know by experience that many upgrade their Javas
without reading the release notes.
I still hope that I am wrong but if that is the fact then the release
note is at least vague. If not (and I think I can read, hence my
worries) then I wonder why such possibly disrupting changes are made in
minor releases with only a footnote in the release notes.
And you did not explain anything. You just copied the release note I
already read. If the change was made for security reasons (what else
could there be) then I would like some explanation about the security
breach that is closed with it.
I can not see what is vague.
I read Marks post and it took less time to develop examples
showing the topic under discussion than to write this post.
import java.io.IOException;
import java.net.ServerSocket;
public class SS {
public static void main(String[] args) throws IOException {
new ServerSocket(2000);
}
}
work on both _45 and _51.
import java.io.IOException;
import java.net.ServerSocket;
import java.rmi.RMISecurityManager;
public class SMSS {
public static void main(String[] args) throws IOException {
System.setSecurityManager(new RMISecurityManager());
new ServerSocket(2000);
}
}
works on _45 and throws an AccessControlException on _51.
Lots of people update Java without reading release notes. But
very few Java users actually uses a security manager. And if they
do then they will or at least should know how to read documentation.
The reason behind the change does not impact how it works or
what other changes may be necessary for the few using a security
manager.
Arne