Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8290367

Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system property

    XMLWordPrintable

Details

    • b16
    • generic
    • generic
    • Verified

    Description

      The LDAP Naming Service Provider implementation's default settings can be improved by disallowing the reconstruction of Java objects from different LDAP attributes (RFC 2713). Changes include the following modifications:
      - Extend the scope of the system property to cover the creation of RMI remote objects from the 'javaRemoteLocation' LDAP attribute.
      - Update the default value of com.sun.jndi.ldap.object.trustSerialData system property to "false". That will prevent the deserialization of java objects from the 'javaSerializedData' and the 'javaRemoteLocation' LDAP attributes.

      Attachments

        Issue Links

          Activity

            People

              aefimov Aleksej Efimov
              aefimov Aleksej Efimov
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: