Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

By default, the Verifier is disabled on .Net and Java

From: cradle at umd.edu (David Eisner)
Date: Thu, 11 May 2006 12:21:46 -0400
Michael Silk wrote:

The "verifier" is enabled via the commandline. It is either on or off.


I'm not sure that's true.  See:

    http://securecoding.org/pipermail/sc-l/2006/000262.html

Summary: there are *three* comandline options: -verify, -noverify, and
-verifyremote.  It is -verifyremote that is the default, which only
verifies "remote" code.  However, the definition of "remote" depends on
which of the four phases [1] of verification are being performed.

-David

[1]
http://java.sun.com/docs/books/vmspec/2nd-edition/html/ClassFile.doc.html#9766
Previous By Date Next
Previous By Thread Next

Current thread: