Tom Tromey wrote:
"Gary" == Gary Benson <[EMAIL PROTECTED]> writes:
The reason there is still a lot of code that uses System.getProperty()
is either historical (i.e. SystemProperties was introduced after
that code was written) or because the author was unaware of
SystemProperties. We've not been as careful about this as we maybe
should be.
Gary> The Mauve tests I am writing should cover every method that's
Gary> documented as performing security tests on a property, so don't
Gary> worry about accidentally writing something insecure: I ought to
Gary> catch it in the next few weeks.
I think the issue here is what happens when some random piece of
Classpath is run in an environment with a security manager. In this
case, the theory goes, we could get security failures where they ought
not occur. So, we end up using SystemProperties and PrivilegedAction
all over the place...
IOW the security tests are testing that we properly call the security
manager in every place we're required to. This is great and
definitely necessary. But, it won't catch this failure mode, which is
that we're calling the security manager, and being rejected, when that
ought not to happen.
So what should happen in a class like
gnu/java/net/protocol/http/HTTPConnection when we have to read properties?
Should it use SystemProperties or PrivilegedAction? And is the answer
documented anywhere?
David Daney.
