tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Chaffee <>
Subject Re: What Do We Do With The User's Classpath?
Date Thu, 13 Jul 2000 17:20:50 GMT
> > > I propose to change this order to #3 -> #1 -> #2 on the main branch, and
> > > then have
> > > people test it before we commit it to the 3.2 branch.  Comments?  Votes?

+1, modulo a security audit of the sandboxing security manager.  That
was added fairly recently, right?

> > The order is important for security reasons, and is the right order.
> >
> For code used inside the container, Tomcat's classpath should rule.  For
> within the application (which is already sandboxed), it is not.

I agree.  And the XML parser example is one I've actually encountered :-(

BTW, this is an issue that has always infuriated me: Java as currently
spec'd is *not* sufficient for the needs of a persistent operating
system or environment.  It needs a way to actively load and unload
classes, and select versions thereof.  AdaptiveClassLoader is an
effective but clunky solution to a problem that should be solved by
the language (and/or the VM spec).

Plus there's the whole System.exit() thing. :-)

Alex Chaffee             
jGuru - Java News and FAQs
Creator of Gamelan       
Founder of Purple Technology
Curator of Stinky Art Collective

View raw message