Sebb created LANG-1076:
--------------------------
Summary: SystemUtils.getSystemProperty(String property) - use
doPrivileged?
Key: LANG-1076
URL: https://issues.apache.org/jira/browse/LANG-1076
Project: Commons Lang
Issue Type: Improvement
Reporter: Sebb
COLLECTIONS-538 suggests fetching Properties should be done from a
doPrivileged() block.
I think this would help in the case where LANG is trusted, but is being called
from code that is not trusted.
If so, then it looks like the following code could be used:
{code}
try {
// WAS: return System.getProperty(property);
return java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<String>() {
public String run() {
return System.getProperty(property);
}
}
);
} catch (final SecurityException ex) {
etc.
}
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
