Jeroen Frijters wrote: > Wolfgang Baer wrote: > > I am a bit confused when to use the internal > > SystemProperties.getProperty() method over the normal > > System.getProperty() method. > > When writing new code (or modifying existing code) you should almost > always use SystemProperties.getProperty(). Unless that would be a > clear security risk and/or it is documented that the method does a > security check on the property. > > The reason there is still a lot of code that uses System.getProperty() > is either historical (i.e. SystemProperties was introduced after > that code was written) or because the author was unaware of > SystemProperties. We've not been as careful about this as we maybe > should be.
The Mauve tests I am writing should cover every method that's documented as performing security tests on a property, so don't worry about accidentally writing something insecure: I ought to catch it in the next few weeks. Cheers, Gary
